Invite teammates & assign roles
Roles at a glance
| Reads findings | Ignores / un-ignores | Manages policies | Manages cloud creds & users | |
|---|---|---|---|---|
| Viewer | Yes | No | No | No |
| Security Engineer | Yes | Yes | No | No |
| Admin | Yes | Yes | Yes | Yes |
Step 1, send an invite
- Settings, Users & Roles, Invite member.
- Enter the user's email.
- Pick the role.
- Send.
The user receives an email with a magic link. They click it, set a password, verify their email, and join.
Step 2, change a user's role
In the Users & Roles table, click the user's row and pick a new role. Changes apply on the user's next page load.
Step 3, off-board a user
- Find the user in the Users & Roles table.
- Disable removes their access immediately but keeps the audit trail.
- Delete removes them entirely.
For audits (SOC 2, ISO 27001), prefer Disable for users who left, Delete only for test accounts.
Best practices
- Least privilege by default. Start everyone as Viewer; promote when they need it.
- One Admin minimum, two recommended. Single point of failure if the only Admin loses access.
- No shared accounts. Every user has their own email. Auditors specifically check for this.