Access to the main features of Probely is governed by permissions. For instance, in order to add a target, the user needs to have the permission
You can group permissions using Roles. For instance, the built-in role Developer can view targets, change target settings, change findings, and start scans, but cannot add targets.
You can then map roles to users at an account level or at a target level:
- Account roles: When you are adding a user, you can set the user's role, which is applied to all targets of the account, i.e., the role is set at an account level or global scope.
- Target roles: If you want to grant a user access to a single target or group of targets, you can leave the account role empty and assign the role at a target level (under target settings -> access).
You can also combine both levels of roles. You can have a user that has, for instance, the role Developer at an account level and the role Admin on a specific target.
It's also important to know that there is a special permission that behaves differently from the others. Imagine that you create a user and set an account-level role that has only one permission: Create Target. When this user logs in to Probely, they will not be able to see or access any existing target, but can create targets. When the user creates a target, they become the owner of that target. At a target level, the user has the admin role on targets that they created.
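The following is an added example, not Probely's code or API: a small Python model of the resolution rules described above, useful for reasoning about who ends up with access to what when reviewing role assignments. It assumes account and target roles combine as a union; the permission identifiers, the contents of the Admin role, and the user and target names are hypothetical.

```python
# Added illustration: hypothetical permission identifiers. Only the role names
# Developer and Admin and the permission Create Target come from the page.
CREATE_TARGET = "create_target"
DEVELOPER = frozenset({"view_target", "change_target_settings",
                       "change_findings", "start_scan"})
# Assumption: Admin holds everything Developer does plus access management.
ADMIN = DEVELOPER | {"manage_target_access"}
CREATOR_ONLY = frozenset({CREATE_TARGET})  # custom role with a single permission


class Account:
    def __init__(self):
        self.account_roles = {}   # user -> role, global scope
        self.target_roles = {}    # (user, target) -> role, target scope
        self.targets = set()

    def effective(self, user, target):
        """Assumed union of the account-level role and the role on this target."""
        perms = set(self.account_roles.get(user, ()))
        perms |= self.target_roles.get((user, target), frozenset())
        # Create Target is account-scoped: it never grants access to a target.
        perms.discard(CREATE_TARGET)
        return perms

    def can_create(self, user):
        return CREATE_TARGET in self.account_roles.get(user, ())

    def create_target(self, user, target):
        if not self.can_create(user):
            raise PermissionError(f"{user} lacks Create Target")
        self.targets.add(target)
        # The creator becomes owner: Admin role on that target only.
        self.target_roles[(user, target)] = ADMIN

    def visible_targets(self, user):
        return {t for t in self.targets if "view_target" in self.effective(user, t)}


def demo():
    acct = Account()
    acct.targets |= {"shop", "blog"}                 # constructed sample targets
    acct.account_roles["dana"] = DEVELOPER           # Developer everywhere...
    acct.target_roles[("dana", "shop")] = ADMIN      # ...and Admin on one target
    acct.account_roles["omar"] = CREATOR_ONLY        # only Create Target
    before = acct.visible_targets("omar")            # nothing visible yet
    acct.create_target("omar", "api")                # omar now owns "api"
    return acct, before
```

In this model, a user whose only permission is Create Target sees no existing targets, and after creating one holds the Admin role on that target alone.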