Reference

Roles and permissions

Built-in roles, what each can see and do, and how tenant scopes work.

viewer: Read-only across the active tenant.
analyst: Triage findings, acknowledge detections, run scoped assessments.
engineer: Everything analysts can do, plus configure connectors and re-check fixes.
admin: Manage users, SSO, integrations, and tenant settings.
superadmin: Cross-tenant operations — reserved for the platform team.