Vulnsy Docs
Administration

Permissions

Role-based access control in Vulnsy — understand the available roles, what each one can access, and how to assign permissions to your team members.

Vulnsy uses role-based access control (RBAC) to manage what each user can see and do within your organization. Every user is assigned a role, and each role defines a set of permissions.

Available Roles

RoleDescription
AdminFull access to all features. Can manage users, roles, templates, and organization settings.
ConsultantCan create and edit clients, projects, findings, and reports. The primary role for pentesters doing day-to-day work.
Third PartyExternal collaborators (partner firms, subcontracted testers). Access is limited to the specific projects and reports they are granted.
ViewerRead-only access. Cannot create or edit any data.
ClientPortal access only. Can view and download documents shared through the client portal. Cannot access internal projects or findings.

Permissions Matrix

ActionAdminConsultantThird PartyViewerClient
Manage users and rolesYes--------
Organization settingsYes--------
Manage templatesYes--------
Create/edit clientsYesYes------
Create/edit projectsYesYes------
Create/edit findingsYesYesAssigned projects----
Create/edit reportsYesYesAssigned projects----
View reportsYesYesAssigned onlyYes--
Export reportsYesYesAssigned only----
Portal access--------Yes

The permissions matrix is configurable per organization. The table above shows the default configuration. Admins can adjust permissions from Admin > Permissions.

Managing Roles

To assign or change a user's role:

  1. Go to Admin > Users
  2. Select the user
  3. Choose the new role from the dropdown
  4. Save changes

Resetting Permissions

If your permissions configuration has become complex or inconsistent, you can reset to defaults:

  1. Go to Admin > Permissions
  2. Click Reset to Defaults
  3. Confirm the reset

Resetting permissions overwrites all custom permission changes for your organization. This cannot be undone.

On this page