Team & User Permissions (RBAC)

Roles

Spectral provides four user roles: Owner, Admin, Member, and Read Only.

Owner: A superuser with full access to all Spectral features. Each organization can have only one Owner.

Admin: Has the same privileges as the Owner, except for modifying certain organization settings. Admin access can be restricted to specific teams within the organization or granted globally across the entire organization.

Member: Can view issues and act on them (ignore, mark as false positive), but only for the assets of the teams the user belongs to.

Read Only: Has the same viewing permissions as a Member but cannot act on issues; a Read Only user can modify only their own account details, such as their personal API key or report subscriptions.



User roles and teams can be assigned on the Organization page by an Admin or the Owner.

The matrix below lists what each role can do. The Owner has no column of its own: an Owner has every Admin privilege plus the organization settings an Admin cannot change. "V" means the role can use the feature, "View" means read-only access, and an empty cell means no access.

| Feature | Admin | Member | Read Only |
|---|---|---|---|
| Assets scanning | V | V | V (unstaged scans) |
| Access all views and act on them (ignore, F/P) | V (unless restricted to specific teams) | V (only my team assets) | View (only my team assets) |
| Reports | V | V (only my team assets) | View (only my team assets) |
| Manage personal notification settings | V | V | V |
| Scan configuration | V | View | View |
| Settings - weekly/daily reports | V | View | View |
| Generate API keys | Team & personal | Personal | Personal |
| Invite new users and manage pending invitations | V | | |
| Change user roles | V | | |
| Delete asset | V | | |
| Integrations | V | | |
| Org teams | V | | |
| Asset mapping | V | | |
| Custom rules | V | | |
| Remote ignore | V | | |

Access all assets privilege

Spectral provides the ability to grant access to all assets within the organization. This privilege can be assigned at either the team level or the user level. To enable this access, navigate to the Organization Settings page and apply the setting to a specific user or the entire team.

When granted this privilege, a user gains read access to every asset in the organization. What the user may do with those assets is still governed by their role: the privilege widens what a user can see, not what they can change. A Read Only user with this privilege can browse every asset but still cannot act on any issue, and a Member still acts only within the scope their role allows.
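The interaction between the role matrix above and the "Access all assets" privilege is the kind of rule that is easy to get wrong in an authorization layer (read access widened by a flag, write access not). The following is an added example, not Spectral's own code or API: a small policy-decision function that encodes the matrix for a few actions and applies the privilege only to the view decision. The `Role`, `Action`, `User` and `Asset` types, the sample users and assets, and the rule that acting on an issue stays limited to the user's own team scope even when the privilege is set, are all modelling assumptions made for this example.

```python
# Added example, not Spectral's own code: a policy-decision function that
# encodes this page's role matrix and the "Access all assets" privilege.
# Role, Action, User and Asset are modelling assumptions, as is the rule
# that acting on an issue stays limited to the user's team scope.
from dataclasses import dataclass
from enum import Enum, auto
from typing import Optional


class Role(Enum):
    OWNER = auto()
    ADMIN = auto()
    MEMBER = auto()
    READ_ONLY = auto()


class Action(Enum):
    VIEW = auto()          # look at an asset's issues and reports
    TRIAGE = auto()        # act on an issue: ignore it or mark it a false positive
    DELETE_ASSET = auto()  # an Admin-only row of the matrix
    ORG_SETTINGS = auto()  # the organization settings only the Owner may change


@dataclass(frozen=True)
class User:
    name: str
    role: Role
    teams: frozenset = frozenset()   # teams the user is assigned to
    org_wide_admin: bool = True      # Admin only: False = Admin restricted to `teams`
    access_all_assets: bool = False  # the "Access all assets" privilege


@dataclass(frozen=True)
class Asset:
    name: str
    team: str  # assumption: each asset belongs to exactly one team


def in_team_scope(user: User, asset: Asset) -> bool:
    """Assets covered by the user's role and team assignment, before any
    access-all widening."""
    if user.role is Role.OWNER:
        return True
    if user.role is Role.ADMIN and user.org_wide_admin:
        return True
    return asset.team in user.teams


def is_allowed(user: User, action: Action, asset: Optional[Asset] = None) -> bool:
    """Decide whether `user` may perform `action` (on `asset`, where one applies)."""
    if action is Action.ORG_SETTINGS:
        return user.role is Role.OWNER          # Admins stop here
    if asset is None:
        raise ValueError(f"{action.name} is asset-bound; pass an asset")
    if action is Action.VIEW:
        # Read access: team scope, widened to every asset by the privilege.
        return in_team_scope(user, asset) or user.access_all_assets
    if action is Action.TRIAGE:
        # Write access never widens: Read Only cannot act at all, and a Member
        # or team-restricted Admin acts only inside their own team scope.
        return user.role is not Role.READ_ONLY and in_team_scope(user, asset)
    if action is Action.DELETE_ASSET:
        return user.role in (Role.OWNER, Role.ADMIN) and in_team_scope(user, asset)
    raise ValueError(f"unhandled action {action.name}")


# Constructed sample organization: two teams, one repository each.
PAYMENTS_API = Asset("payments-api", team="payments")
MARKETING_SITE = Asset("marketing-site", team="web")

OWNER = User("olivia", Role.OWNER)
GLOBAL_ADMIN = User("ada", Role.ADMIN)
TEAM_ADMIN = User("amir", Role.ADMIN, teams=frozenset({"payments"}), org_wide_admin=False)
MEMBER_ALL = User("mia", Role.MEMBER, teams=frozenset({"payments"}), access_all_assets=True)
READ_ONLY_ALL = User("rob", Role.READ_ONLY, teams=frozenset({"payments"}), access_all_assets=True)


def decision_matrix() -> dict:
    """(user, action, asset) -> allowed, for the sample users and assets above."""
    users = [OWNER, GLOBAL_ADMIN, TEAM_ADMIN, MEMBER_ALL, READ_ONLY_ALL]
    out = {}
    for u in users:
        out[(u.name, "ORG_SETTINGS", None)] = is_allowed(u, Action.ORG_SETTINGS)
        for asset in (PAYMENTS_API, MARKETING_SITE):
            for action in (Action.VIEW, Action.TRIAGE, Action.DELETE_ASSET):
                out[(u.name, action.name, asset.name)] = is_allowed(u, action, asset)
    return out


if __name__ == "__main__":
    for (who, what, where), ok in sorted(decision_matrix().items(), key=str):
        print(f"{who:<7} {what:<13} {where or '-':<15} {'allow' if ok else 'deny'}")
```

The point to check in any real implementation is the pair of decisions for `mia`: with the privilege she can view `marketing-site`, which belongs to a team she is not in, but she still cannot ignore or mark false positive an issue there, and `rob` can see everything while acting on nothing. Keeping the widening flag in the view branch only, rather than folding it into `in_team_scope`, is what prevents the privilege from silently becoming a write grant.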