Skip to content

Managing User Roles and Project Permissions

User Roles

The tool distinguishes between different user roles to ensure clarity in responsibilities and access control. While each user is assigned a general role—such as Administrator, Cyber Security Architect, or User—these roles define their overarching capabilities within the system. In addition, all users can be granted specific permissions on a project-by-project basis, independent of their assigned role. This flexible permission model allows for fine-grained access control tailored to each project’s requirements.

The Administrator is responsible for the overall system administration. This includes creating and managing user accounts, handling software updates, and maintaining license information. A special built-in "admin" account exists as a fallback and always has full management permissions across all projects, ensuring continuous administrative access to the system.

The Cyber Security Architect focuses on the configuration and maintenance of security-related components. This role includes creating and updating toolbox elements, defining analysis rules, and managing which rules are applied in specific analysis scenarios. This ensures that security assessments are consistent and based on up-to-date configurations.

The User is typically involved in the operational use of the tool. Users work with the elements and rules defined in the toolbox, run analyses, and review results. While their role does not include administrative or configuration responsibilities, their access within individual projects can still vary based on the permissions assigned to them.

By combining role-based functionality with project-specific permissions, the system provides both structure and flexibility, supporting collaborative workflows while maintaining appropriate control levels.

Project Permissions

Each project in the system has a defined set of member roles that control what actions users can perform. These roles help maintain structure, security, and clarity within collaborative environments. There are three permission levels: Manage, Edit, and Read.

Users with Manage permissions have full adminitrative control over a project. This includes the ability to change the project's name and description, manage the list of project members, assign or modify user permissions, and remove members from the project. Additionally, they can delete the project entirely. This role is designed for project owners or administrators who are responsible for overseeing the full scope of the project.

The Edit permission level is intended for users actively contributing to the project. These users can work on the project content itself — for example, they can create and update diagrams, build iterations, and run analyses. However, they do not have access to administrative features like member management or project deletion. This ensures that contributors can focus on their work without altering project governance.

Users with Read permissions have view-only access to the project. They can open and read all project content but are not allowed to make any changes. This role is suitable for stakeholders, reviewers, or anyone who needs visibility into the project’s progress without direct involvement in its development.

When a new project is created, the user who created it is automatically granted Manage permissions. Additionally, the admin user is always granted Manage access to all projects, regardless of their creator or assigned roles. It’s important to note that projects are private by default: only users explicitly assigned to a project will be able to view or access it. Any user not assigned to a project will not see it in their interface at all.

This permission structure ensures that each user’s level of access matches their responsibilities, promoting secure and efficient collaboration.