This topic describes how to invite new users to your team and assign them roles using role-based access control (RBAC).
You can add your team members to Traceable's SaaS platform. When you add a team member to Traceable, you can assign them one or more of the following three roles. Defining the correct role for a user helps in the separation of duties.
Account owner - An account owner is a person who manages the Traceable account, for example, by managing users, assigning privileges, licensing, and so on. There can be more than one account owner.
Security admin - A security admin is typically a person who configures the security policies, investigates the attack information, monitors security events, and so on.
Developer - A person who wants to view the risks associated with the APIs that they have developed.
The account owner role is the highest in the hierarchy of roles and has complete control over all other users and their actions. The developer role has the least privilege. You can add a user with the same role as yours or a lower privilege role. For example, an account owner can add, edit, or delete another account owner, security admin, and developer. A security admin can add, edit, or delete another security admin or a developer. The developer has a read-only privilege. The account owner and security admin can edit all configurations, for example, creating rules, notifications, and so on. For more information, see Roles and privileges.
Navigate to Administration > Team to add a new user to your account. Click on Invite User and assign a role to the user.
As an Account Owner or Security Admin, you can also change the roles of existing users. Click on the three dots as shown in the screenshot below. Click on Edit.
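The hierarchy rule described above can be checked against a record of team changes. The following is an added example, not Traceable code or its API: the event format and role identifiers are constructed, and it assumes that a user with several roles acts with the highest one and that a role change may not grant a role above the actor's own.

```python
# Added example: audit team-management events against the documented hierarchy.
# The event format and role identifiers are constructed, not a Traceable export.
RANK = {"developer": 0, "security_admin": 1, "account_owner": 2}
MANAGERS = {"security_admin", "account_owner"}  # the developer role is read-only


def effective_role(roles):
    """Assumption: with several roles assigned, the highest one applies."""
    return max(roles, key=RANK.__getitem__)


def violation(event):
    """Return a reason string if the event breaks the hierarchy, else None."""
    actor = effective_role(event["actor_roles"])
    if actor not in MANAGERS:
        return "developer role is read-only"
    # Roles the target held before the change (none for an invite) and after it.
    touched = set(event.get("target_roles_before", [])) | set(
        event.get("target_roles_after", []))
    too_high = sorted(r for r in touched if RANK[r] > RANK[actor])
    if too_high:
        return f"{actor} acted on higher role(s): {', '.join(too_high)}"
    return None


def audit(events):
    """Return (event id, reason) for every event that violates the hierarchy."""
    return [(e["id"], why) for e in events if (why := violation(e))]


# Constructed sample events.
SAMPLE_EVENTS = [
    {"id": 1, "actor_roles": ["account_owner"], "action": "invite",
     "target_roles_after": ["account_owner"]},
    {"id": 2, "actor_roles": ["security_admin"], "action": "edit",
     "target_roles_before": ["developer"], "target_roles_after": ["account_owner"]},
    {"id": 3, "actor_roles": ["developer"], "action": "invite",
     "target_roles_after": ["developer"]},
    {"id": 4, "actor_roles": ["developer", "security_admin"], "action": "delete",
     "target_roles_before": ["security_admin"]},
    {"id": 5, "actor_roles": ["security_admin"], "action": "delete",
     "target_roles_before": ["developer", "account_owner"]},
]

if __name__ == "__main__":
    for event_id, reason in audit(SAMPLE_EVENTS):
        print(f"event {event_id}: {reason}")
```

Events 2 and 5 are flagged because a security admin touches the account owner role, and event 3 because a developer performs a write action.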
Roles and privileges
The following table provides high-level information about privileges related to each role.
API Intelligence Dashboard
View and modify Administration settings
Creating and applying rate limiting rule
Marking parameters as sensitive or not sensitive
Threat actor mitigation
Excluding events from getting reported
Vulnerability status change
Changing the data type of sensitive parameters
Apply or remove tags
Traceable roles remain the same across your different environments.