Roles & Permissions
Configure who can do what in your organization.
Overview
BlockSecOps uses Role-Based Access Control (RBAC) to manage permissions:
- Roles define what actions users can take
- Permissions are specific capabilities
- Scope determines where permissions apply
Organization Roles
Owner
The organization creator with full control.
Permissions:
- Everything Admins can do, plus:
- Delete organization
- Transfer ownership
- Manage billing
- Access all data
Limit: One owner per organization.
Admin
Trusted users who manage the organization.
Permissions:
- Invite and remove members
- Change member roles (except Owner)
- Create and manage teams
- Configure organization settings
- Access audit logs
- Manage all projects
Member
Standard users who work within the organization.
Permissions:
- View shared projects
- Run scans
- Manage findings (triage, comment)
- Create personal projects
- Export reports
Permission Matrix
| Permission | Owner | Admin | Member |
|---|---|---|---|
| Organization | | | |
| View organization | ✓ | ✓ | ✓ |
| Edit organization settings | ✓ | ✓ | - |
| Delete organization | ✓ | - | - |
| Manage billing | ✓ | - | - |
| Members | | | |
| View members | ✓ | ✓ | ✓ |
| Invite members | ✓ | ✓ | - |
| Remove members | ✓ | ✓ | - |
| Change roles | ✓ | ✓* | - |
| Teams | | | |
| Create teams | ✓ | ✓ | - |
| Manage teams | ✓ | ✓ | - |
| Projects | | | |
| View all projects | ✓ | ✓ | By access |
| Create projects | ✓ | ✓ | ✓ |
| Delete any project | ✓ | ✓ | Own only |
| Scans | | | |
| Run scans | ✓ | ✓ | ✓ |
| View all scans | ✓ | ✓ | By access |
| Findings | | | |
| View findings | ✓ | ✓ | By access |
| Triage findings | ✓ | ✓ | ✓ |
| Assign findings | ✓ | ✓ | ✓ |
| Audit | | | |
| View audit logs | ✓ | ✓ | - |
| Export audit logs | ✓ | ✓ | - |
*Admins cannot change Owner role.
Project-Level Roles
Within projects, additional granularity:
| Role | View | Scan | Manage | Admin |
|---|---|---|---|---|
| Viewer | ✓ | - | - | - |
| Scanner | ✓ | ✓ | - | - |
| Manager | ✓ | ✓ | ✓ | - |
| Admin | ✓ | ✓ | ✓ | ✓ |
Changing Roles
Change Member Role
- Go to Organization → Members
- Click the member
- Click Edit Role
- Select new role
- Save
Role Change Restrictions
- Only Owners can change Admin roles
- Cannot demote yourself
- Cannot have multiple Owners
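The restrictions above are the kind of rule that is easy to state and easy to get subtly wrong in an authorization layer. The following is an added example, not BlockSecOps code, that encodes them as a validator: `Organization`, `change_role`, `is_change_allowed` and the sample users are assumptions for illustration. Where the page is ambiguous ("Only Owners can change Admin roles"), the code reads it as "an Admin may not change the role of another Admin, but may promote a Member to Admin"; the Owner role itself is assigned only through ownership transfer, which keeps the one-Owner limit intact.

```python
from dataclasses import dataclass, field

# Rank used for the "cannot demote yourself" check; higher = more privileged.
ROLE_RANK = {"Member": 1, "Admin": 2, "Owner": 3}


class RoleChangeError(Exception):
    """Raised when a requested role change violates a restriction."""


@dataclass
class Organization:
    # user id -> organization role (assumed structure; sample data below is constructed)
    roles: dict = field(default_factory=dict)

    def owner(self) -> str:
        owners = [u for u, r in self.roles.items() if r == "Owner"]
        if len(owners) != 1:
            raise RoleChangeError("an organization has exactly one Owner")
        return owners[0]


def change_role(org: Organization, actor: str, target: str, new_role: str) -> str:
    """Apply `actor` changing `target`'s role to `new_role`; returns the new role."""
    if new_role not in ROLE_RANK:
        raise RoleChangeError(f"unknown role {new_role!r}")
    if actor not in org.roles or target not in org.roles:
        raise RoleChangeError("actor and target must both be organization members")
    actor_role = org.roles[actor]
    target_role = org.roles[target]

    # Members have no "Change roles" permission in the matrix.
    if actor_role == "Member":
        raise RoleChangeError("Members cannot change roles")
    # Cannot have multiple Owners: Owner is only ever assigned by ownership transfer,
    # and the current Owner cannot be changed here either (Admins cannot change Owner).
    if new_role == "Owner" or target_role == "Owner":
        raise RoleChangeError("Owner role changes only via ownership transfer")
    # Cannot demote yourself.
    if actor == target and ROLE_RANK[new_role] < ROLE_RANK[actor_role]:
        raise RoleChangeError("cannot demote yourself")
    # Only Owners can change Admin roles (assumed reading: an Admin may not change
    # another Admin's role; promoting a Member to Admin is still allowed).
    if actor_role == "Admin" and target_role == "Admin":
        raise RoleChangeError("only the Owner can change an Admin's role")

    org.roles[target] = new_role
    return new_role


def is_change_allowed(org: Organization, actor: str, target: str, new_role: str) -> bool:
    """Dry-run check on a copy, so the real organization is never mutated."""
    trial = Organization(dict(org.roles))
    try:
        change_role(trial, actor, target, new_role)
    except RoleChangeError:
        return False
    return True


# Constructed sample organization: one Owner, one Admin, two Members.
SAMPLE_ORG = Organization({"alice": "Owner", "bob": "Admin", "carol": "Member", "dave": "Member"})

if __name__ == "__main__":
    for actor, target, role in [("bob", "carol", "Admin"), ("bob", "bob", "Member"),
                                ("bob", "alice", "Member"), ("alice", "bob", "Member")]:
        print(f"{actor} -> {target}: {role}: {is_change_allowed(SAMPLE_ORG, actor, target, role)}")
```

`is_change_allowed` is the call a UI would make to decide whether to show the Edit Role control; `change_role` is the server-side check that must run regardless of what the UI showed.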
Custom Roles (Enterprise)
Enterprise plans support custom roles:
Creating Custom Role
- Go to Organization → Roles
- Click Create Role
- Name the role
- Select permissions
- Save
Example Custom Roles
Auditor
- View all projects
- Run scans
- Export reports
- Cannot modify settings
Contractor
- View specific projects
- Run scans
- Cannot invite members
Compliance
- View audit logs
- Export reports
- Cannot run scans
Team-Based Permissions
How Teams Work
Teams group members for easier management:
- Assign permissions to teams
- Members inherit team permissions
- User can be in multiple teams
Team Permission Inheritance
Organization Role (base)
↓
+ Team Permissions (added)
↓
+ Project Permissions (specific)
↓
= Effective Permissions
Permission Precedence
When permissions conflict:
- Explicit deny overrides allow
- Project-level overrides team-level
- Team-level overrides org-level
- Higher role wins for org roles
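To make the inheritance chain and the four precedence rules concrete, here is an added example (not BlockSecOps code) that resolves a user's effective permissions from the three layers: organization role, team grants, and project grants. The permission names, the `ORG_BASE` sets (a subset of the permission matrix above) and the `allow`/`deny` grant format are assumptions for illustration; the resolver records which rule decided each permission so the result can be explained, much like an Effective Permissions view.

```python
# Base permissions per organization role; a constructed subset of the matrix above.
ORG_BASE = {
    "Member": {"project.view", "scan.run", "finding.triage", "report.export"},
    "Admin": {"project.view", "scan.run", "finding.triage", "report.export",
              "member.invite", "audit.view", "project.delete"},
}
ORG_BASE["Owner"] = ORG_BASE["Admin"] | {"org.delete", "billing.manage"}
ROLE_RANK = {"Member": 1, "Admin": 2, "Owner": 3}


def effective_permissions(org_roles, team_grants, project_grants):
    """Resolve permissions for one user on one project.

    org_roles:      organization roles held by the user (normally one)
    team_grants:    one {permission: "allow" | "deny"} dict per team the user is in
    project_grants: {permission: "allow" | "deny"} set on the project itself
    Returns {permission: (decision, reason)} for every permission mentioned anywhere.
    """
    # Rule 4: higher role wins for org roles.
    base_role = max(org_roles, key=ROLE_RANK.__getitem__)
    base = ORG_BASE[base_role]

    # Every permission named at any layer gets an explicit decision.
    candidates = set(base) | set(project_grants)
    for grants in team_grants:
        candidates |= set(grants)

    result = {}
    for perm in sorted(candidates):
        team_decisions = [g[perm] for g in team_grants if perm in g]
        project_decision = project_grants.get(perm)
        # Rule 1: an explicit deny at any layer beats every allow.
        if project_decision == "deny" or "deny" in team_decisions:
            result[perm] = ("deny", "explicit deny overrides allow")
        # Rule 2: project-level decisions override team-level ones.
        elif project_decision == "allow":
            result[perm] = ("allow", "project-level grant")
        # Rule 3: team-level decisions override the org-level base set.
        elif "allow" in team_decisions:
            result[perm] = ("allow", "team-level grant")
        elif perm in base:
            result[perm] = ("allow", f"org role {base_role}")
        else:
            result[perm] = ("deny", "not granted at any level")
    return result


def allowed(org_roles, team_grants, project_grants):
    """Just the permission names the user ends up with, sorted."""
    resolved = effective_permissions(org_roles, team_grants, project_grants)
    return sorted(p for p, (decision, _) in resolved.items() if decision == "allow")


# Constructed scenario: a Member in two teams, evaluated against one project.
SAMPLE_TEAMS = [{"audit.view": "allow"}, {"report.export": "deny"}]
SAMPLE_PROJECT = {"scan.run": "deny", "project.delete": "allow"}

if __name__ == "__main__":
    for perm, (decision, reason) in effective_permissions(["Member"], SAMPLE_TEAMS, SAMPLE_PROJECT).items():
        print(f"{perm:16} {decision:5} ({reason})")
```

In the sample, the team grant adds `audit.view` to a Member, the team deny strips `report.export` even though the Member role normally includes it, and the project layer both denies `scan.run` and grants `project.delete`.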
Viewing Effective Permissions
For a Member
- Go to Organization → Members
- Click member
- View Effective Permissions tab
For Yourself
- Click your profile
- View My Permissions
Best Practices
Least Privilege
Give minimum necessary permissions:
- Start with Member role
- Promote to Admin only if needed
- Use project-level access for specific needs
Role Assignment
| User Type | Recommended Role |
|---|---|
| Founder/CTO | Owner |
| Security Lead | Admin |
| Senior Dev | Admin or Member |
| Developer | Member |
| Contractor | Member (limited projects) |
| Auditor | Member (view + scan) |
Regular Review
Periodically review:
- Who has Admin access
- Inactive members
- Unnecessary permissions
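The three review questions above can be turned into a repeatable check over a member export. This is an added example, not BlockSecOps code: the `MEMBERS` rows, the field names, the 90-day inactivity window and the "excessive org Admin" heuristic (an Admin whose only project-level roles are Viewer, who could be served by project-level access instead) are all constructed assumptions.

```python
from datetime import date, timedelta

# Constructed member export: org role, last activity (None = never signed in),
# and any project-level roles. Field names are assumed, not BlockSecOps's own.
MEMBERS = [
    {"user": "alice", "role": "Owner", "last_active": "2024-05-20", "project_roles": {"payments": "Admin"}},
    {"user": "bob", "role": "Admin", "last_active": "2024-05-18", "project_roles": {}},
    {"user": "carol", "role": "Admin", "last_active": "2024-01-03", "project_roles": {"payments": "Viewer"}},
    {"user": "dave", "role": "Member", "last_active": None, "project_roles": {"wallet": "Scanner"}},
    {"user": "erin", "role": "Member", "last_active": "2024-05-19", "project_roles": {"wallet": "Admin"}},
]


def review(members, today, inactive_days=90):
    """Return {user: [check, ...]} for every member that needs a reviewer's attention.

    Checks mirror the page's list: who has Admin access, inactive members,
    and permissions that look broader than the person's project roles require.
    """
    cutoff = today - timedelta(days=inactive_days)
    findings = {}

    def flag(user, check):
        findings.setdefault(user, []).append(check)

    for m in members:
        # 1. Every Admin is listed so the reviewer confirms the grant is still needed.
        if m["role"] == "Admin":
            flag(m["user"], "admin-access")

        # 2. Inactive: never signed in, or last activity older than the window.
        last = date.fromisoformat(m["last_active"]) if m["last_active"] else None
        if last is None or last < cutoff:
            flag(m["user"], "inactive")

        # 3. Heuristic for unnecessary permissions: an org Admin whose explicit
        #    project roles are all Viewer is probably over-privileged at org level.
        project_roles = m["project_roles"]
        if m["role"] == "Admin" and project_roles and all(r == "Viewer" for r in project_roles.values()):
            flag(m["user"], "excessive-org-admin")

    return findings


if __name__ == "__main__":
    for user, checks in review(MEMBERS, date(2024, 5, 21)).items():
        print(f"{user}: {', '.join(checks)}")
```

Run it against a fresh export on a schedule; an Admin that is both `inactive` and `excessive-org-admin`, like `carol` in the sample, is the first account to revisit.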
FAQ
Q: Can I have multiple Owners?
A: No. One Owner per organization. Use Admin for others.
Q: Can Members invite other Members?
A: No. Only Admins and Owners can invite.
Q: Can I restrict what scanners a Member can use?
A: Not currently. All members can use all available scanners.
Q: How do I audit permission changes?
A: Check Organization → Audit Logs.
Next Steps
- Creating Teams - Group members
- Project Access Control - Project permissions
- Audit Logs - Track changes