Roles & Permissions
Assigning roles
When inviting a member, you choose their role at invite time. Roles can be changed later by an Owner or Admin via Team → Members → Edit role.
Custom roles (Enterprise)
Enterprise workspaces can define custom roles with granular per-resource permissions:
role: "security-viewer"
permissions:
- scans:read
- resources:read
- monitoring:read
restrictions:
resource_tags:
- env: production
- type: domainThis lets you, for example, give a security auditor read-only access to only the production domain scan results, with no access to servers or cost data.