Roles & Permissions

Vulnotes uses role-based access control (RBAC) to determine what each user can do. Every user is assigned a role, and each role has a set of permissions.

Built-in roles

Vulnotes comes with two default roles:

  • Admin - full access to everything, including user management, settings, and all data
  • Pentester - can create and edit reports, findings, vulnerabilities, and companies, but cannot access administration settings

You can create additional roles to match your organization's structure.

Permission categories

Permissions are organized into categories that map to the main features of the platform. Each category has granular controls for create, read, update, and delete operations.

The main permission categories include:

  • Reports - create, view, edit, delete, export reports
  • Findings - add, edit, delete findings in reports
  • Templates - manage report templates
  • Vulnerabilities - manage the vulnerability library and templates
  • Companies - manage clients and contacts
  • Users - view and manage other users
  • Settings - access administration settings
  • Planning - create and manage events
  • Notes - create and manage notes

Creating custom roles

Go to Administration > Roles & Permissions and click Add Role. Give your role a name, then toggle permissions on or off for each category.
