Portal roles and permissions

Access to different parts and features of the Portal is controlled by various user roles. There are two types of user roles:

Organization roles - Organization Administrator, Organization Member, Organization Security
Group roles - Group Owner, Maintainer, Group Member, Group Observer

Users with the "Organization Administrator" role have a higher level of control and can manage settings for the whole organization and all groups within it.

The "Organization Security" role is intended for your company security team as it offers only those permissions needed to effectively manage the security of your organization.

By default, users have the "Organization Member" role. Organization administrators can change the organization role for every user on the Manage Groups/Members page.

Each user can have only one organization role, but be a member and/or owner of multiple groups. A group can have multiple users with the "Group Owner" role.

Users with group roles can access the projects owned by their respective groups, but cannot change anything on the organization level. When users are added to a group, the "Group Member" role is automatically assigned to them. Organization administrators can change this at any time.

For more granular control within Portal groups, there's also a possibility to choose a "Maintainer" role. It falls somewhere between a "Group Owner" and "Group Member", as users with this role can manage projects but are not allowed to configure policies on organization or group level.

In addition to the user roles mentioned above, there is also a Group Observer role. Users with this read-only role can explore the Portal without any risk of making unwanted changes.

The following sections provide a detailed overview of permissions for each user role in the Portal.

Access management permissions
File management permissions
Portal configuration permissions

Access management permissions

Permission	Organization Administrator	Organization Member	Organization Security	Group Owner	Maintainer	Group Member	Group Observer
Create organization	✖	✖	✖	✖	✖	✖	✖
Create group	✓	✖	✖	✖	✖	✖	✖
Delete group	✓	✖	✖	✖	✖	✖	✖
Remove members from organization	✓	✖	✖	✖	✖	✖	✖
Edit other member info	✓	✖	✖	✖	✖	✖	✖
Invite members to organization	✓	✖	✖	✖	✖	✖	✖
Trigger password reset	✓	✖	✓	✖	✖	✖	✖
Add organization members to a group	✓	✖	✖	✓	✖	✖	✖
Remove member from a group	✓	✖	✖	✓	✖	✖	✖
Modify member group role	✓	✖	✖	✓	✖	✖	✖
Modify member organization role	✓	✖	✖	✖	✖	✖	✖
Set group as default	✓	✖	✖	✖	✖	✖	✖
View group	✓	✓	✓	✓	✓	✓	✓
View all groups	✓	✓	✓	✓	✓	✓	✖
View all organization members	✓	✓	✓	✓	✓	✓	✓
View group members	✓	✖	✓	✓	✓	✓	✓

File management permissions

File stream

Permission	Organization Administrator	Organization Member	Organization Security	Group Owner	Maintainer	Group Member	Group Observer
Upload file	✓	✖	✖	✓	✓	✓	✖
Renalyze file	✓	✖	✖	✓	✓	✓	✖
Delete file	✓	✖	✖	✓	✓	✓	✖
Edit software info on a file	✓	✖	✓	✓	✓	✓	✖
View all filestream files	✓	✖	✓	✓	✓	✓	✓
Diff two files	✓	✖	✖	✓	✓	✓	✖
Modify file approval status	✓	✖	✓	✓	✖	✖	✖
Download approved file	✓	✓	✓	✓	✓	✓	✓
Export reports (CycloneDX, Sarif, SPDX, RL-CVE, RL-URI) from UI	✓	✖	✓	✓	✓	✓	✓

Projects

Permission	Organization Administrator	Organization Member	Organization Security	Group Owner	Maintainer	Group Member	Group Observer
Create project	✓	✖	✖	✓	✓	✖	✖
Delete project	✓	✖	✖	✓	✓	✖	✖
Create package	✓	✖	✖	✓	✓	✖	✖
Delete package	✓	✖	✖	✓	✓	✖	✖
Upload artifact	✓	✖	✖	✓	✓	✖	✖
Delete artifact	✓	✖	✖	✓	✓	✖	✖
Reanalyze package	✓	✖	✖	✓	✓	✖	✖
Reanalyze artifact	✓	✖	✖	✓	✓	✖	✖
Edit software info for an artifact	✓	✖	✖	✓	✓	✖	✖
Modify artifact approval status	✓	✖	✓	✓	✖	✖	✖
Download approved artifact	✓	✓	✓	✓	✓	✓	✓
View projects	✓	✖	✓	✓	✓	✓	✓
View packages	✓	✖	✓	✓	✓	✓	✓
View artifacts	✓	✖	✓	✓	✓	✓	✓
View list of shared reports	✓	✖	✓	✓	✓	✓	✓
Edit shared reports	✓	✖	✓	✓	✓	✖	✖
Export reports (CycloneDX, Sarif, SPDX, RL-CVE, RL-URI, RL-SAFE, PDF) from UI	✓	✖	✓	✓	✓	✓	✓

Portal configuration permissions

Permission	Organization Administrator	Organization Member	Organization Security	Group Owner	Maintainer	Group Member	Group Observer
Configure organization policy profile	✓	✖	✓	✖	✖	✖	✖
View organization policy profile	✓	✖	✓	✓	✓	✓	✓
Configure group policy profile	✓	✖	✓	✓	✖	✖	✖
View group policy profile	✓	✖	✓	✓	✓	✓	✓
Assign monthly processing capacity to organization	✓	✖	✖	✖	✖	✖	✖
Assign promotional capacity to organization	✓	✖	✖	✖	✖	✖	✖
View organization monthly capacity and usage	✓	✓	✓	✓	✓	✓	✓
Add capacity reservation for a group	✓	✖	✖	✖	✖	✖	✖
View monthly usage summary per group	✓	✓	✓	✓	✓	✓	✓
View monthly usage details per group	✓	✖	✓	✓	✓	✓	✓
Setup SSO for organization	✓	✖	✖	✖	✖	✖	✖
Read and edit session lifetime configuration	✓	✖	✖	✖	✖	✖	✖
Generate personal access token for a user	✖	✖	✖	---	---	---	---
List personal access tokens for a user	✓	✖	✓	---	---	---	---
Revoke user's personal access token	✓	✖	✓	---	---	---	---
Revoke all personal access tokens for a user	✓	✖	✓	---	---	---	---
Revoke all personal access tokens for all users	✓	✖	✓	---	---	---	---

NOTE

The --- symbol indicates that the permission is not applicable to that user role.

Access management permissions​

File management permissions​

File stream​

Projects​

Portal configuration permissions​

Access management permissions

File management permissions

File stream

Projects

Portal configuration permissions