Organization Roles
In BTP, an organization is the highest-level entity. It acts as a container for all your Products, Users, and Teams. Think of it as the overarching structure that houses everything related to your work within BTP. Within each organization, the following primary roles are available:- Organization Admin: Organization Admins have the highest level of access and can manage all aspects of the organization. This includes:
- Organization User: This is the basic role assigned to all users within the organization. Their access to specific Products and features depends on the product roles assigned to them, either directly or through their Team memberships.
- Product Creator: This role has the same permissions as an Organization User but with the added ability to create new Products within the organization. Their access to and management capabilities within those products will then be determined by the product roles they are assigned.
- Ruleset Creator: This role allows users to create custom rulesets to be used in scanning images.
- Guest: A special role with a minimal level of access. Useful when giving an temporary access to a single Product and nothing else.
Resource Roles at the Organization Level
In addition to the organization-specific roles, you can assign resource-specific roles at the organization level. This grants users the corresponding permissions on all resources of such type within the organization. For detailed information about the available roles and their specific permissions, see Product Roles and Ruleset Roles. Note: Assigning such roles at the organization level can simplify access management by granting permissions across all resources at once. However, itβs important to use this feature judiciously to avoid inadvertently granting excessive access. Resource types that can have organization-level roles include:- Products
- Rulesets
Manage organization level roles
- Go to the Organization page.
- Navigate to the Users tab.
- Select a user.
- Click Manage Roles.
Organization Permissions Table
| Permission | Organization Admin | Organization User | Product Creator | Ruleset Creator | Guest |
|---|---|---|---|---|---|
| Manage Organization Access | β | ||||
| View Users | β | β | β | ||
| Add/Remove Users | β | ||||
| View Teams | β | β | β | ||
| Create Team | β | ||||
| Create Products | β | β | |||
| View Custom Rules | β | β | β | ||
| Create Rulesets | β | β | |||
| Manage Organization Ruleset Deployments | β | ||||
| Manage Jira Integration | β | ||||
| Manage Team Quotas | β |
Team Roles
Teams streamline user management by allowing you to grant access to Products for a group of users at once. A single user can belong to multiple teams, providing flexibility in organizing your users. Within each team, there are two distinct roles:- Team Admins are members with elevated permissions, enabling them to manage the team itself. This includes adding or removing members and updating team details.
- Team Members are the individuals who have been invited to join the team.
Team Permissions Table
| Permission | Team Admin | Team Member |
|---|---|---|
| Create new Products in Team Quota | β | |
| Manage Team Access | β | |
| View Team Members | β | β |
| Add/Remove Team Members | β | |
| Remove Team | β | |
| Rename Team | β | |
| View Team Quotas | β |
Product Roles
Product roles define specific levels of access to Products within an organization. These roles can be assigned at the Organization level (granting the role for all products), directly to users for a given product, or to an entire team for a given product. Hereβs a breakdown of the product roles:- Product Admin: Product Admins have the highest level of access to a product. They can manage access to the product by adding or removing users and teams.
- Product Editor: Product Editors can perform almost all actions within a product, except for managing access control (adding/removing users and teams) and archiving the product.
- Product Viewer: Product Viewers have read-only access to a product.
Product Permissions Table
| Permission | Product Admin | Product Editor | Product Viewer |
|---|---|---|---|
| Manage Product Access | β | ||
| Archive/Unarchive Product | β | ||
| Manage Product Ruleset Deployments | β | ||
| Rename Product | β | β | |
| Upload Images | β | β | |
| Scan Images | β | β | |
| Archive/Unarchive Images | β | β | |
| Attach Symbols | β | β | |
| Generate Reports | β | β | β |
| View Image Overview | β | β | β |
| View Findings | β | β | β |
| View Secrets | β | β | β |
| View Dependencies | β | β | β |
| View Cryptographic Materials | β | β | β |
Creating a new Product
Users with the following roles can create new products:- Organization Admin
- Product Creator
Ruleset Roles
Ruleset roles define specific levels of access to Rulesets within an organization. These roles can be assigned at the Organization level (granting the role for all rulesets), directly to users for a given ruleset, or to an entire team for a given ruleset.- Ruleset Admin: Ruleset Admins have the highest level of access to a ruleset. They can manage access to the ruleset by adding or removing users and teams.
- Ruleset Editor: Ruleset Editors can perform almost all actions within a ruleset, except for managing access control.
- Ruleset Viewer: Ruleset Viewers have read-only access to a ruleset, including all revisions and files.
Ruleset Permissions Table
| Permission | Ruleset Admin | Ruleset Editor | Ruleset Viewer |
|---|---|---|---|
| Manage Ruleset Access | β | ||
| Create new revision | β | β | |
| Edit rules | β | β | |
| View Revisions | β | β | β |
| View Files | β | β | β |