Permissions
Role-based access control in Vulnsy: understand the available roles and what each one can access.
Vulnsy uses role-based access control (RBAC) to manage what each user can see and do within your organization. Every user is assigned a role, and each role defines a set of permissions.
Available Roles
| Role | Description |
|---|---|
| Admin | Full access to all features. Can manage users, roles, templates, and organization settings. |
| Consultant | Can create and edit clients, projects, findings, and reports. The primary role for pentesters doing day-to-day work. |
| Contractor | Limited access, typically scoped to specific assigned projects. Cannot manage organization settings. |
| Third Party | External collaborators with restricted access. Useful for partner firms or subcontracted testers. |
| Viewer | Read-only access to reports and findings. Cannot create or edit any data. |
| Client | Portal access only. Can view and download documents shared through the client portal. Cannot access internal projects or findings. |
Permissions Matrix
| Action | Admin | Consultant | Contractor | Third Party | Viewer | Client |
|---|---|---|---|---|---|---|
| Manage users and roles | Yes | -- | -- | -- | -- | -- |
| Organization settings | Yes | -- | -- | -- | -- | -- |
| Manage templates | Yes | -- | -- | -- | -- | -- |
| Create/edit clients | Yes | Yes | -- | -- | -- | -- |
| Create/edit projects | Yes | Yes | -- | -- | -- | -- |
| Create/edit findings | Yes | Yes | Yes | -- | -- | -- |
| Create/edit reports | Yes | Yes | Yes | -- | -- | -- |
| View reports | Yes | Yes | Yes | Yes | Yes | -- |
| Export reports | Yes | Yes | Yes | -- | -- | -- |
| Portal access | -- | -- | -- | -- | -- | Yes |
The permissions matrix is configurable per organization. The table above shows the default configuration. Admins can adjust permissions from Admin > Permissions.
Managing Roles
To assign or change a user's role:
- Go to Admin > Users
- Select the user
- Choose the new role from the dropdown
- Save changes
Resetting Permissions
If your permissions configuration has become complex or inconsistent, you can reset to defaults:
- Go to Admin > Permissions
- Click Reset to Defaults
- Confirm the reset
Resetting permissions overwrites all custom permission changes for your organization. This cannot be undone.
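Because a reset discards every custom change and cannot be undone, it helps to record how the current matrix differs from the defaults before confirming. The following is an added example, not Vulnsy code: it assumes you transcribe the current settings from Admin > Permissions by hand into a dict (this page documents no export), and the `RESTRICTED` grouping and the `review`/`note` labels are the example's own.

```python
# Added example: default matrix transcribed from the table on this page.
ROLES = {"Admin", "Consultant", "Contractor", "Third Party", "Viewer", "Client"}
DEFAULTS = {
    "Manage users and roles": {"Admin"},
    "Organization settings": {"Admin"},
    "Manage templates": {"Admin"},
    "Create/edit clients": {"Admin", "Consultant"},
    "Create/edit projects": {"Admin", "Consultant"},
    "Create/edit findings": {"Admin", "Consultant", "Contractor"},
    "Create/edit reports": {"Admin", "Consultant", "Contractor"},
    "View reports": {"Admin", "Consultant", "Contractor", "Third Party", "Viewer"},
    "Export reports": {"Admin", "Consultant", "Contractor"},
    "Portal access": {"Client"},
}
# Example's own grouping (assumption): roles the page describes as external,
# read-only or portal-only. Extra grants to these are reviewed first.
RESTRICTED = {"Third Party", "Viewer", "Client"}


def diff_matrix(current):
    """Return sorted (action, role, change, priority) rows that differ from DEFAULTS."""
    unknown = set(current) - set(DEFAULTS)
    if unknown:
        raise ValueError(f"actions not in the documented matrix: {sorted(unknown)}")
    rows = []
    for action, default_roles in DEFAULTS.items():
        now = set(current.get(action, ()))
        if now - ROLES:
            raise ValueError(f"unknown roles for {action!r}: {sorted(now - ROLES)}")
        for role in now - default_roles:
            # Admin-only actions and restricted roles are the risky widenings.
            risky = role in RESTRICTED or default_roles == {"Admin"}
            rows.append((action, role, "added", "review" if risky else "note"))
        for role in default_roles - now:
            rows.append((action, role, "removed", "note"))
    return sorted(rows)


if __name__ == "__main__":
    # Constructed sample: a hand-transcribed custom matrix with three changes.
    sample = {a: set(r) for a, r in DEFAULTS.items()}
    sample["Export reports"].add("Viewer")
    sample["Manage templates"].add("Consultant")
    sample["Create/edit findings"].discard("Contractor")
    for row in diff_matrix(sample):
        print("{:22} {:12} {:8} {}".format(*row))
```

Keep the resulting rows with your change records so that any customizations you still need can be reapplied after the reset.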