Team & User Permissions (RBAC)

Roles

Spectral provides four user roles: Owner, Admin, Member, and Read Only.

Owner: A superuser with full access to all Spectral features. Each organization can have only one Owner.

Admin: Has the same privileges as the Owner, except for modifying certain organization settings. Admin access can be restricted to specific teams within the organization or granted globally across the entire organization.

Member: Can view issues and take action on them, but only for assets they have permission to access.

Read Only: Has the same viewing permissions as Members but can only modify their own account details, such as their personal API key or report subscriptions.

User roles and teams can be assigned on the Organization page by an Admin or the Owner.

Feature	Admin	Member	Read Only
Assets scanning	V	V	V (unstaged scans)
Access all views and act on them (ignore, F/P)	V (unless restricted to specific teams)	V (only my team assets)	View (only my team assets)
Reports	V	V (only my team assets)	View (only my team assets)
Manage Personal Notifications Settings	V	V	V
Scan Configuration	V	View	View
Settings - Weekly/Daily reports	V	View	View
Generate API Keys	Team & Personal	Personal	Personal
Invite new users and manage pending invitations	V
Change user roles	V
Delete Asset	V
Integrations	V
Org Teams	V
Asset Mapping	V
Custom Rules	V
Remote Ignore	V

Access all assets privilege

Spectral provides the ability to grant access to all assets within the organization. This privilege can be assigned at either the team level or the user level. To enable this access, navigate to the Organization Settings page and apply the setting to a specific user or the entire team.

When granted this permission, users gain read access to all organizational assets. However, their operational capabilities remain restricted based on their assigned role.

Updated 5 months ago