Roles & Permissions
NEURO uses role-based access control (RBAC) to manage what users can see and do within the platform.
Role Hierarchy
```
┌─────────────────────────────────────────────────────────────┐
│ Admin                                                       │
│ Full platform access + user management + settings           │
├─────────────────────────────────────────────────────────────┤
│ Analyst                                                     │
│ Create/edit projects, findings, reports                     │
├─────────────────────────────────────────────────────────────┤
│ Reviewer                                                    │
│ View and comment on all content                             │
├─────────────────────────────────────────────────────────────┤
│ Viewer                                                      │
│ Read-only access to assigned projects                       │
└─────────────────────────────────────────────────────────────┘
```
Permission Matrix
Project Permissions
| Action | Admin | Analyst | Reviewer | Viewer |
|---|---|---|---|---|
| View all projects | - | - | - | - |
| View assigned projects | - | - | - | - |
| Create projects | - | - | - | - |
| Edit projects | - | - | - | - |
| Delete projects | - | - | - | - |
| Archive projects | - | - | - | - |
Finding Permissions
| Action | Admin | Analyst | Reviewer | Viewer |
|---|---|---|---|---|
| View findings | - | - | - | - |
| Create findings | - | - | - | - |
| Edit findings | - | - | - | - |
| Delete findings | - | - | - | - |
| Import findings | - | - | - | - |
| Comment on findings | - | - | - | - |
Report Permissions
| Action | Admin | Analyst | Reviewer | Viewer |
|---|---|---|---|---|
| View reports | - | - | - | - |
| Generate reports | - | - | - | - |
| Download reports | - | - | - | - |
| Manage templates | - | - | - | - |
Client Permissions
| Action | Admin | Analyst | Reviewer | Viewer |
|---|---|---|---|---|
| View clients | - | - | - | - |
| Create clients | - | - | - | - |
| Edit clients | - | - | - | - |
| Delete clients | - | - | - | - |
| Manage portal users | - | - | - | - |
Administration Permissions
| Action | Admin | Analyst | Reviewer | Viewer |
|---|---|---|---|---|
| Manage users | - | - | - | - |
| Tenant settings | - | - | - | - |
| View audit logs | - | - | - | - |
| Manage integrations | - | - | - | - |
| Manage API keys | - | - | - | - |
Role Descriptions
Admin
Best for: Team leads, managers, account owners
Administrators have full access to all platform features plus the ability to:
- Manage all users and their roles
- Configure tenant-wide settings
- Access audit logs
- Manage integrations and API access
- Configure security policies
Analyst
Best for: Security consultants, penetration testers
Analysts can perform all assessment-related work:
- Create and manage projects
- Document findings with full editing
- Generate and configure reports
- Import scan data
- Manage client relationships
- Collaborate via chat
Reviewer
Best for: QA personnel, senior reviewers, managers without edit needs
Reviewers can oversee work without modifying content:
- View all projects and findings
- Add comments and feedback
- Download reports
- Participate in discussions
- Cannot modify findings or reports
Viewer
Best for: Stakeholders, executives, external observers
Viewers have limited, read-only access:
- View only assigned projects
- Read findings without editing
- Download available reports
- Cannot comment or participate
Project-Level Roles
Beyond platform roles, users have project-specific roles:
Project Lead
- Primary owner of the project
- Can delete the project
- Manages team assignments
- Default notification recipient
Project Member
- Full edit access to project content
- Can add findings and assets
- Can generate reports
Project Reviewer
- View and comment only
- Cannot edit project content
- Receives review notifications
Assigning Roles
Platform Role
Assigned during user creation:
- Settings → Users
- Click Edit on user
- Select role from dropdown
- Save changes
Project Role
Assigned per project:
- Open project
- Go to Settings → Team
- Add user and select role
- Save
Role Best Practices
Principle of Least Privilege
Assign the minimum role needed:
- Start with Viewer
- Upgrade as responsibilities grow
- Regular role reviews
Role Assignment Guidelines
| User Type | Recommended Role |
|---|---|
| New team member | Analyst (after training) |
| Senior consultant | Analyst |
| Team manager | Admin |
| QA reviewer | Reviewer |
| Executive stakeholder | Viewer |
| External auditor | Viewer |
Multiple Projects
Users can have different project roles:
- Analyst on Project A
- Reviewer on Project B
- Not assigned to Project C
Special Permissions
Godmode (Super Admin)
For NEURO support personnel:
- Access across all tenants
- Used for support only
- Full audit logging
Client Portal Users
Separate permission set:
- See Client Portal
Troubleshooting
"Permission Denied" Error
- Check user’s platform role
- Verify project assignment
- Confirm project-level role
- Contact admin if needed
Can’t See Projects
- Viewer role only sees assigned projects
- Check project team membership
- Verify account is active
Can’t Edit Content
- Reviewer/Viewer roles are read-only
- Check platform role
- Verify project role allows editing
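The two-level model above (platform role plus project-level role, with Viewers limited to assigned projects) and the troubleshooting checklist can be expressed as a single authorization decision. The following is an added example, not NEURO's own code: it encodes the role capabilities from the Role Descriptions and Project-Level Roles sections and returns a reason alongside each decision, ordered the way the "Permission Denied" checklist is ordered. The exact action names, the assumption that Admin and Reviewer see all projects while Analyst and Viewer see only assigned ones, the assumption that Admin bypasses project-level roles, and the mapping of "Analyst on Project A" to the Member project role are all assumptions made for this example; the page's permission matrix cells were not available to confirm them.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Platform-wide capabilities per platform role. ASSUMED from the Role
# Descriptions section; the page's permission matrix cells were unavailable.
PLATFORM_PERMISSIONS = {
    "Admin": {"view_all_projects", "create_project", "edit_project", "delete_project",
              "view_finding", "edit_finding", "comment", "generate_report",
              "download_report", "manage_team", "manage_users", "view_audit_logs"},
    "Analyst": {"create_project", "edit_project", "delete_project", "view_finding",
                "edit_finding", "comment", "generate_report", "download_report",
                "manage_team"},
    "Reviewer": {"view_all_projects", "view_finding", "comment", "download_report"},
    "Viewer": {"view_finding", "download_report"},
}

# Project-scoped capabilities per project role (Project-Level Roles section).
PROJECT_PERMISSIONS = {
    "Lead": {"edit_project", "delete_project", "edit_finding", "generate_report", "manage_team"},
    "Member": {"edit_project", "edit_finding", "generate_report"},
    "Reviewer": set(),  # view and comment only
}

# Actions that change project content: they also need a permitting project role.
WRITE_ACTIONS = {"edit_project", "delete_project", "edit_finding", "generate_report", "manage_team"}
# Actions evaluated inside a project: the project must be visible to the user.
PROJECT_SCOPED = WRITE_ACTIONS | {"view_finding", "comment", "download_report"}


@dataclass
class User:
    name: str
    platform_role: str
    active: bool = True
    project_roles: dict = field(default_factory=dict)  # project id -> project role


def can_see_project(user: User, project_id: str) -> bool:
    """Visibility: every project for roles holding view_all_projects (ASSUMED:
    Admin, Reviewer); otherwise only projects the user is assigned to."""
    if not user.active:
        return False
    if "view_all_projects" in PLATFORM_PERMISSIONS.get(user.platform_role, set()):
        return True
    return project_id in user.project_roles


def authorize(user: User, action: str, project_id: Optional[str] = None) -> Tuple[bool, str]:
    """Decide whether `user` may perform `action`; return (allowed, reason).
    Checks run in the order of the Troubleshooting checklist: account active,
    platform role, project assignment, then project-level role."""
    if not user.active:
        return False, "account is not active"
    platform = PLATFORM_PERMISSIONS.get(user.platform_role)
    if platform is None:
        return False, f"unknown platform role {user.platform_role!r}"
    if action not in platform:
        return False, f"platform role {user.platform_role} does not allow {action}"
    if action not in PROJECT_SCOPED:
        return True, f"platform role {user.platform_role} allows {action}"
    if project_id is None:
        return False, f"{action} requires a project"
    if not can_see_project(user, project_id):
        return False, f"not assigned to project {project_id}"
    if action not in WRITE_ACTIONS or user.platform_role == "Admin":
        # Reads and comments need only visibility; Admin has full access (ASSUMED).
        return True, f"{action} allowed on {project_id}"
    project_role = user.project_roles.get(project_id)
    if project_role is None:
        return False, f"no project-level role on {project_id}"
    if action not in PROJECT_PERMISSIONS.get(project_role, set()):
        return False, f"project role {project_role} on {project_id} does not allow {action}"
    return True, f"project role {project_role} on {project_id} allows {action}"


# Constructed sample users for the Multiple Projects scenario on the page.
alice = User("alice", "Analyst", project_roles={"A": "Member", "B": "Reviewer"})  # not on C
bob = User("bob", "Viewer", project_roles={"A": "Reviewer"})
carol = User("carol", "Admin")
dave = User("dave", "Reviewer")
erin = User("erin", "Analyst", active=False, project_roles={"A": "Lead"})

if __name__ == "__main__":
    for user, action, project in [
        (alice, "edit_finding", "A"), (alice, "edit_finding", "B"),
        (alice, "view_finding", "C"), (bob, "comment", "A"),
        (carol, "edit_finding", "A"), (dave, "edit_finding", "Z"),
        (erin, "edit_finding", "A"), (bob, "manage_users", None),
    ]:
        allowed, reason = authorize(user, action, project)
        print(f"{user.name:6} {action:16} {project or '-':3} -> {'ALLOW' if allowed else 'DENY '} ({reason})")
```

Run the module directly to see the decision and reason for each sample user; the reason string is what a support engineer would want to surface next to a "Permission Denied" error, since it names which of the four checks failed.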
Next: Learn about Security Settings