Understand roles and permissions
Which actions a role allows is governed by fine-grained permissions (abilities).
The roles
Permissions are granted through fixed roles. There is a closed set of roles — custom roles can’t be defined:
- Owner — full control including workspace ownership
- Admin — broad management of team, sites, content, and publishing
- Editor — edit and submit content
- Reviewer — approve content in the review workflow
- Publisher — trigger publications
- Operator — work on the scanner and findings
- Viewer — read-only access
Roles bundle permissions
Each role bundles concrete permissions — such as writing content, approving, publishing, or managing the team. This keeps responsibilities cleanly separated, for example by assigning approval and publishing to different people.
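The separation described above can be checked against actual role assignments. The following is an added example, not code from the product: only the seven role names come from this page, while the ability names, the member list, and the assumption that one member may hold several roles are constructed for illustration.

```python
# Added example. Ability names are hypothetical; only the role names are from the page.
ALL_ABILITIES = {"content.write", "content.approve", "content.publish",
                 "team.manage", "sites.manage", "scanner.operate", "read"}

ROLE_ABILITIES = {
    "Owner": set(ALL_ABILITIES),  # "full control"
    # The page lists team, sites, content and publishing for Admin;
    # approval is not stated, so it is left out here (assumption).
    "Admin": {"team.manage", "sites.manage", "content.write", "content.publish", "read"},
    "Editor": {"content.write", "read"},
    "Reviewer": {"content.approve", "read"},
    "Publisher": {"content.publish", "read"},
    "Operator": {"scanner.operate", "read"},
    "Viewer": {"read"},
}

# Ability pairs that should not end up with the same person.
CONFLICTS = [("content.approve", "content.publish")]

def effective_abilities(roles):
    """Union of abilities over a member's roles; rejects roles outside the closed set."""
    unknown = set(roles) - ROLE_ABILITIES.keys()
    if unknown:
        raise ValueError(f"unknown role(s): {sorted(unknown)}")
    return set().union(*(ROLE_ABILITIES[r] for r in roles))

def sod_violations(members):
    """Return (member, ability_a, roles_granting_a, ability_b, roles_granting_b)."""
    findings = []
    for name, roles in sorted(members.items()):
        held = effective_abilities(roles)
        for a, b in CONFLICTS:
            if a in held and b in held:
                via_a = sorted(r for r in roles if a in ROLE_ABILITIES[r])
                via_b = sorted(r for r in roles if b in ROLE_ABILITIES[r])
                findings.append((name, a, via_a, b, via_b))
    return findings

# Constructed sample assignments.
MEMBERS = {
    "alice": ["Reviewer"],
    "bob": ["Publisher"],
    "carol": ["Reviewer", "Publisher"],  # two narrow roles that combine
    "dave": ["Owner"],                   # a single broad role
    "erin": ["Admin", "Reviewer"],
}

if __name__ == "__main__":
    for finding in sod_violations(MEMBERS):
        print(finding)
```

With these sample assignments the audit flags carol, dave and erin: the separation is lost either by stacking narrow roles or by a single broad role.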