Project Roles and Permissions
The following table lists the various roles and associated permissions used to manage a given project in Code Insight. The project creator automatically becomes the initial Project Contact and Project Administrator. In turn, a Project Administrator can assign Analyst, Reviewer, and Observer roles to Code Insight users, as well as create other Project Administrators. The Project Administrator can also remove users from any of these roles.
For details about these roles and the procedure for assigning them, see “Assigning Project Roles to Users” in the “Using Code Insight” chapter in the Code Insight User Guide.
Users can be assigned multiple project roles.
Responsibility: Manage project
| Permissions | Notes | Role: Analyst | Role: Reviewer | Role: Observer* | Role: Proj. Contact | Role: Proj. Admin | Role: Sys. Admin |
|---|---|---|---|---|---|---|---|
| Reassign the project contact | X | X | X |  | | | |
| Manage project users | X | X | X | X | | X | |
| Rename the project | X | X | X | X | | X | |
| Create/edit custom field values for a project (including SBOM Bucket Name ) | X | X | X | X | | X | |
| Move projects in Projects pane | X | X | X | X | | X | |
| Manage scan settings | X | X | X | X | | X | |
| Manage review/remediation settings | X | X | X | X | | X | |
| Manage Source Control Management (SCM) and Application Lifecycle (ALM) instances | X | X | X | X | | X | |
| Delete the project | X | X | X | X | | X | |
| Branch or copy the project | X | X | X | X | | X |
Responsibility: Invoke/stop scans
| Permissions | Notes | Role: Analyst | Role: Reviewer | Role: Observer* | Role: Proj. Contact | Role: Proj. Admin | Role: Sys. Admin |
|---|---|---|---|---|---|---|---|
| X | X | X | | X |
Responsibility: Upload codebases
| Permissions | Notes | Role: Analyst | Role: Reviewer | Role: Observer* | Role: Proj. Contact | Role: Proj. Admin | Role: Sys. Admin |
|---|---|---|---|---|---|---|---|
| X | X | X | | X |
Responsibility: Import/export project data
| Permissions | Notes | Role: Analyst | Role: Reviewer | Role: Observer* | Role: Proj. Contact | Role: Proj. Admin | Role: Sys. Admin |
|---|---|---|---|---|---|---|---|
| X | X | X | | X |
Responsibility: Assign project to an SBOM bucket
| Permissions | Notes | Role: Analyst | Role: Reviewer | Role: Observer* | Role: Proj. Contact | Role: Proj. Admin | Role: Sys. Admin |
|---|---|---|---|---|---|---|---|
| X | X | X | X | | X |
Responsibility: Export to SBOM Insights
| Permissions | Notes | Role: Analyst | Role: Reviewer | Role: Observer* | Role: Proj. Contact | Role: Proj. Admin | Role: Sys. Admin |
|---|---|---|---|---|---|---|---|
| X | X | X | X | X |
Responsibility: View project inventory
| Permissions | Notes | Role: Analyst | Role: Reviewer | Role: Observer* | Role: Proj. Contact | Role: Proj. Admin | Role: Sys. Admin |
|---|---|---|---|---|---|---|---|
| | | | | ** |
Responsibility: Analyze, suppress, unsuppress security vulnerabilities
| Permissions | Notes | Role: Analyst | Role: Reviewer | Role: Observer* | Role: Proj. Contact | Role: Proj. Admin | Role: Sys. Admin |
|---|---|---|---|---|---|---|---|
| Developer Contact, Security Contact, or System Administrator only | |
Responsibility: Review project inventory
| Permissions | Notes | Role: Analyst | Role: Reviewer | Role: Observer* | Role: Proj. Contact | Role: Proj. Admin | Role: Sys. Admin |
|---|---|---|---|---|---|---|---|
| Recall inventory | | | X | X | X | X | |
| Approve/reject inventory | X | | X | X | X | X | |
| Set inventory priority | X | | X | X | X | X | |
| Edit/create inventory | Only Analysts have access to the Add Item and Edit Item buttons to create/edit project inventory properties. | | X | X | X | X | X |
| Create and manage work items in the project’s associated ALM (application life cycle management) system | X | | X | X | X | X | |
| Update Notices text and notes | This permission refers to inventory’s Notices Text field (on the Notices Text tab) and the information on the Notes & Guidance tab (except Detection Notes ). | | | X | X | X | X |
| Edit custom field values on the Inventory Details tab | | | X | X | X | X | |
| View evidence found in files listed on the Associated Files tab and manage the inventory’s file associations | For Analysts only, the file path for an associated file is hyperlinked, enabling them to open to the file’s File Details tab in Analysis Workbench to view evidence. In Analysis Workbench, Analysts can also add/remove files associated with inventory. | | X | X | X | X | X |
| Force automatic review by policy across all inventory in the project | X | | X | X | X | X |
Responsibility: Use Analysis Workbench
| Permissions | Notes | Role: Analyst | Role: Reviewer | Role: Observer* | Role: Proj. Contact | Role: Proj. Admin | Role: Sys. Admin |
|---|---|---|---|---|---|---|---|
| View/analyze codebase files | | X | X | X | X | X | |
| Edit alerts | | X | X | X | X | X | |
| Create, edit, and recall inventory and manage custom detection rules | | X | X | X | X | X | |
| Edit Notices Text field on Notices Text tab | | X | X | X | X | X | |
| Edit Audit Notes field on the Notes tab | | X | X | X | X | X | |
| Edit custom field values on the Custom Fields tab | | X | X | X | X | X |
Responsibility: Generate reports
| Permissions | Notes | Role: Analyst | Role: Reviewer | Role: Observer* | Role: Proj. Contact | Role: Proj. Admin | Role: Sys. Admin |
|---|---|---|---|---|---|---|---|
| Any user (not just one with a project role) can generate reports. For a “private” project, the Observer is considered an “any user”, restricted to viewing project inventory and generating reports. | | | | | | |
* The Observer role is available for only projects defined as “Private”. Private projects are hidden from all users except the Project Contact, the System Administrator (restricted to Summary tab only), and those users assigned as Project Administrators, Analysts, Reviewers, and Observers of the project. An Observer is limited to viewing project inventory and generating reports for the “Private Project”.
** In general, a System Administrator has permission to access both public and private projects. However, the Project Inventory tab for a private project is visible to a System Administrator only if the user assigned to the System Administrator role is also assigned to a role in the project (Project Administrator, Project Contact, Observer, Analyst, or Reviewer).