Overview
The back office implements role-based access control (RBAC) with three distinct roles. Each role has a specific set of capabilities and screen access.
Role Definitions
Admin
The Admin role has full access to all features in the back office, including system administration.
Admin Capabilities
- View dashboard with system-wide statistics and charts
- Manage all reports (current, archived, shared)
- Create, edit, and delete findings, conclusions, recommendations, and results
- Manage checklists and project types
- Manage customer accounts
- Create, edit, and delete user accounts
- Assign and change user roles
- Impersonate other users
- View system event log
- View system statistics and analytics
- Manage knowledge base administration
- Access all utility tools
Editor
The Editor role can create and manage content but cannot perform system administration tasks.
Editor Capabilities
- View current reports
- Create and edit reports
- Manage personal and team retests
- Create, edit, and delete findings, conclusions, recommendations, and results
- Manage checklists and project types
- Manage customer accounts
- View event log
- Edit knowledge base articles
- Access all utility tools
User
The User role has limited, primarily read-only access.
User Capabilities
- View personal current reports
- View personal current retests
- Browse knowledge base articles
- Access utility tools (SMS, generators, OWASP calculator)
- Manage own profile settings
Access Matrix
The table below shows which screens are accessible to each role.

| Screen | Admin | Editor | User |
|---|---|---|---|
| Dashboard (with stats) | Yes | No | No |
| Current Reports | Yes | Yes | Yes (personal only) |
| Archived Reports | Yes | No | No |
| Current Shared Reports | Yes | No | No |
| Archived Shared Reports | Yes | No | No |
| Team Current Retests | Yes | Yes | No |
| My Current Retests | Yes | Yes | Yes |
| Tools | Yes | Yes | Yes |
| Project Types | Yes | Yes | No |
| Customers | Yes | Yes | No |
| Report Results | Yes | Yes | No |
| Report Conclusions | Yes | Yes | No |
| Report Recommendations | Yes | Yes | No |
| Findings | Yes | Yes | No |
| Findings Recommendations | Yes | Yes | No |
| Checklists | Yes | Yes | No |
| Users Management | Yes | No | No |
| Event Log | Yes | Yes | No |
| Statistics | Yes | No | No |
| Knowledge Base (browse) | Yes | Yes | Yes |
| Knowledge Base (admin) | Yes | No | No |
| Settings / Profile | Yes | Yes | Yes |
Sidebar Navigation by Role
Each role sees a different sidebar menu tailored to their access level.
Admin Sidebar
The admin sidebar includes:
- Current Reports
- Archived Reports
- Current Shared Reports
- Archived Shared Reports
- Tools
- Project Types
- Customers
- Report Results
- Report Conclusions
- Report Recommendations
- Findings
- Findings Recommendations
- Checklists
- Users
- Event Log
- Statistics
Editor Sidebar
The editor sidebar includes:
- Current Reports
- Team Current Retests
- My Current Retests
- Tools
- Project Types
- Customers
- Report Results
- Report Conclusions
- Report Recommendations
- Findings
- Findings Recommendations
- Checklists
- Event Log
User Sidebar
The user sidebar includes:
- Current Reports
- Current Retests
- Tools
Access Denied
If a user tries to access a screen they don’t have permission for, they will see an “Access Restricted” message indicating which role is required.
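The access matrix and the "Access Restricted" message above describe what the server must enforce regardless of what the sidebar shows. The following is an added example, not code from the back office itself: it encodes a subset of the matrix as data, denies unknown screens and roles by default, names the lowest role that would be required in the denial message, and applies the "personal only" scope for the User role at the data layer. The `Decision` type, `check_access`, `visible_reports` and the report records are assumptions for illustration.

```python
from dataclasses import dataclass

# Subset of the access matrix from the table above. Each screen maps to the
# set of roles allowed to open it. ROLE_RANK orders roles only so a denial
# can name the lowest role that would be sufficient.
ROLE_RANK = {"User": 0, "Editor": 1, "Admin": 2}

ACCESS_MATRIX = {
    "Dashboard": {"Admin"},
    "Current Reports": {"Admin", "Editor", "User"},
    "Archived Reports": {"Admin"},
    "Team Current Retests": {"Admin", "Editor"},
    "My Current Retests": {"Admin", "Editor", "User"},
    "Tools": {"Admin", "Editor", "User"},
    "Users Management": {"Admin"},
    "Event Log": {"Admin", "Editor"},
    "Statistics": {"Admin"},
    "Knowledge Base (browse)": {"Admin", "Editor", "User"},
    "Knowledge Base (admin)": {"Admin"},
}

# Screens where the User role only sees its own records ("personal only").
PERSONAL_ONLY = {"Current Reports"}

@dataclass
class Decision:  # assumed type, not part of the documented back office
    allowed: bool
    message: str = ""
    personal_only: bool = False

def check_access(role, screen):
    """Server-side check. Unknown screens or roles are denied (fail closed)."""
    allowed = ACCESS_MATRIX.get(screen)
    if allowed is None or role not in ROLE_RANK:
        return Decision(False, "Access Restricted")
    if role in allowed:
        return Decision(True, personal_only=(role == "User" and screen in PERSONAL_ONLY))
    required = min(allowed, key=ROLE_RANK.__getitem__)
    return Decision(False, f"Access Restricted: requires the {required} role")

def visible_reports(role, user_id, reports):
    """Apply the screen check and the 'personal only' scope to a list of
    report records (constructed dicts with an 'owner' field)."""
    decision = check_access(role, "Current Reports")
    if not decision.allowed:
        return []
    if decision.personal_only:
        return [r for r in reports if r["owner"] == user_id]
    return list(reports)
```

Hiding a sidebar entry is presentation only; the check in `check_access` is what a request handler should run before rendering any screen, and `visible_reports` shows that row-level scoping is a separate decision from screen access.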