User roles

Roles control what members of your organization can see and do in XBOW. Roles are set by users with the organization administrator role.

Roles

Locked

Ability to authenticate and request a quote for a new assessment only.

Lightspeed users are automatically assigned this role when their assessment access expires. This role is not available to Enterprise users.

Viewer

Read-only access to the organization. Viewers can see assets, domains, assessments, findings, and reports, but cannot make any changes or run tests.

Monitor

All Viewer permissions, plus the ability to pause a running assessment in an emergency. Monitors cannot resume assessments.

Uploader

All Viewer permissions, plus the ability to upload resources such as new file versions.

Developer

All Uploader and Monitor permissions, plus the ability to start, stop, and resume assessments, update findings, manage asset profiles, and update existing assets.

Existing Asset Administrator

All Developer permissions, plus the ability to manage members, attack credits, and the configuration of the organization.

Administrator

All Existing Asset Administrator permissions, plus the ability to create and delete assets, manage the organization allowlist, and view the audit log. Administrators can also manage personal access tokens and webhook subscriptions for use with the XBOW API.

Permissions by role

| Permission | Locked | Viewer | Monitor | Uploader | Developer | Existing Asset Admin | Administrator |
|---|---|---|---|---|---|---|---|
| Sign in and manage sessions | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| View organization, assets, domains, assessments, findings, and reports | No | Yes | Yes | Yes | Yes | Yes | Yes |
| Pause a running assessment | No | No | Yes | No | Yes | Yes | Yes |
| Upload resources | No | No | No | Yes | Yes | Yes | Yes |
| Update findings | No | No | No | No | Yes | Yes | Yes |
| Manage asset profiles | No | No | No | No | Yes | Yes | Yes |
| Manage resources | No | No | No | No | Yes | Yes | Yes |
| Manage assessments (start, stop, pause, resume) | No | No | No | No | Yes | Yes | Yes |
| Update existing assets | No | No | No | No | Yes | Yes | Yes |
| Manage domains | No | No | No | No | No | Yes | Yes |
| Manage asset credentials | No | No | No | No | No | Yes | Yes |
| Manage attack credits | No | No | No | No | No | Yes | Yes |
| Manage organization members and settings | No | No | No | No | No | Yes | Yes |
| Create and delete assets | No | No | No | No | No | No | Yes |
| Manage personal access tokens | No | No | No | No | No | No | Yes |
| Manage webhook subscriptions | No | No | No | No | No | No | Yes |
| Manage organization allowlist | No | No | No | No | No | No | Yes |
| View audit log | No | No | No | No | No | No | Yes |