Administration
Permissions
Role-based access control in Vulnsy — understand the available roles, what each one can access, and how to assign permissions to your team members.
Vulnsy uses role-based access control (RBAC) to manage what each user can see and do within your organization. Every user is assigned a role, and each role defines a set of permissions.
Available Roles
| Role | Description |
|---|---|
| Admin | Full access to all features. Can manage users, roles, templates, and organization settings. |
| Consultant | Can create and edit clients, projects, findings, and reports. The primary role for pentesters doing day-to-day work. |
| Third Party | External collaborators (partner firms, subcontracted testers). Access is limited to the specific projects and reports they are granted. |
| Viewer | Read-only access. Cannot create or edit any data. |
| Client | Portal access only. Can view and download documents shared through the client portal. Cannot access internal projects or findings. |
Permissions Matrix
| Action | Admin | Consultant | Third Party | Viewer | Client |
|---|---|---|---|---|---|
| Manage users and roles | Yes | -- | -- | -- | -- |
| Organization settings | Yes | -- | -- | -- | -- |
| Manage templates | Yes | -- | -- | -- | -- |
| Create/edit clients | Yes | Yes | -- | -- | -- |
| Create/edit projects | Yes | Yes | -- | -- | -- |
| Create/edit findings | Yes | Yes | Assigned projects | -- | -- |
| Create/edit reports | Yes | Yes | Assigned projects | -- | -- |
| View reports | Yes | Yes | Assigned only | Yes | -- |
| Export reports | Yes | Yes | Assigned only | -- | -- |
| Portal access | -- | -- | -- | -- | Yes |
The permissions matrix is configurable per organization. The table above shows the default configuration. Admins can adjust permissions from Admin > Permissions.
Managing Roles
To assign or change a user's role:
- Go to Admin > Users
- Select the user
- Choose the new role from the dropdown
- Save changes
Resetting Permissions
If your permissions configuration has become complex or inconsistent, you can reset to defaults:
- Go to Admin > Permissions
- Click Reset to Defaults
- Confirm the reset
Resetting permissions overwrites all custom permission changes for your organization. This cannot be undone.