Package: Invicti AppSec Core (on-demand)
Roles overview
Roles define what actions users can perform in Invicti AppSec. Each user is assigned a role, which determines their level of access across the platform. There are six built-in roles, and Enterprise users can customize permissions and create custom roles.
Invicti AppSec Core includes the same six built-in roles with fixed permissions. Core users can't view the Roles page, amend role permissions, or create custom roles.
Built-in roles
| Role | Description |
|---|---|
| Admin | Full system access with all permissions. |
| Manager | Manages business units and products. Has view-only access to associated projects. |
| Product Owner | Responsible for products. Has read-only access to project dashboards, vulnerabilities, and SBOM. |
| Team Lead | Oversees projects assigned to their team. Can access products if at least one project their team manages is within that product. |
| Developer | View-only access to projects assigned to their team. Can submit suppression requests (false positive, risk accepted) but cannot approve them. |
| Pentester | Limited access focused on importing vulnerabilities into projects. |
Built-in roles cannot be deleted. Their permissions can be amended, but you can always reset them to default.
Custom roles
You can create custom roles that inherit permissions from a built-in parent role. Custom roles allow you to tailor access by removing specific permissions from the parent role's baseline.
Permission categories
Permissions are organized across the following categories:
- Global dashboard: access to the main dashboard
- Products: read, add, write, delete, and user management
- Projects: CRUD operations, dashboard, settings, and file management
- Scans: read, write, delete, and view completed/failed scans
- Vulnerabilities: read, add, write, export, and screenshot management
- SBOM: component viewing and export
- Users & teams: user management, role assignment, team administration
- Automation: setup and workflow configuration
- Integrations: read, write, delete, and ALM tool access
- Suppressions: false positive and risk acceptance request handling
To view the roles list, select Users and teams > Roles from the left side menu.