Learn about permission levels of organization Owners, Admins and General Users
1. Different roles in Autobahn
Autobahn offers three user roles with varying permission levels to manage access and control within your organization. These roles are:
- Owner
- Admin
- General User
2. Organization Owner
This role holds the highest permission level, allowing full control over the organization's settings, user management (including adding, removing, and assigning permissions to other users), and access to all other features (managing integrations, scans, assets, issues, workouts, creating dashboards etc.).
If an Admin who created custom dashboards and shared them with the organization's members is deleted, the editing rights for those dashboards are transferred to the Owner.
There can be only one user account with the Owner role in an organization. This role can be transferred to another member. Learn how to add members to your organization by reading this article.
3. Organization Admin
This role grants extensive permissions for managing the organization. There can be multiple Admins within an organization. They can add other Admins, add and remove General Users, assign permissions, and access almost all features except parts of the Settings and Team functionalities.
They cannot:
- Manage the Issue Review feature
- Grant General Users rights to change the assignees of assets and issues
- View the subscription time details
- Demote other Admins to General Users
- Delete or deactivate other Admins or the Owner
4. General User
This role is designed for users such as external contractors or asset owners who are responsible only for remediation tasks. They can only access the following views:
- Assets
- Issues (and Issue Review if enabled)
- Workouts
In addition, they can only see assets, issues and workouts that have been assigned to them. The organization Owner can grant them permission to change the assignees of assets and issues that they can access.
They don't have access to dashboards and therefore can't see the organization's Hackability Score.
Their role is focused on fixing issues by implementing workouts. They can send workouts to ticketing systems (e.g. Jira) if they operate in a setting where people who are not in the Autobahn platform are involved in the remediation process.