Understand Roles and Permissions
AttackLens uses role-based access control (RBAC) to manage what each user can see and do in the platform. Every user is assigned exactly one role, and each role provides a specific set of permissions. Roles are hierarchical -- each role includes all the permissions of the roles below it.
Role Hierarchy
```text
Super Admin
└── Admin
    └── Posture Manager
        └── Viewer
```
Role Descriptions
Viewer
The most restricted role. Designed for stakeholders, executives, compliance officers, and team members who need visibility into the organization's security posture without the ability to make changes.
Viewers can:
- View the dashboard and all summary widgets.
- Browse assets, asset groups, and asset details (read-only).
- View inventory records and installed packages.
- View findings and finding details.
- View vulnerabilities and vulnerability details.
- Explore the attack graph, attack paths, chokepoints, and toxic combinations.
- View policies and rulesets (read-only).
- View their own profile and change their password.
Posture Manager
Designed for security analysts and engineers who manage the day-to-day security posture. Posture Managers can create and modify security content and manage endpoints.
Posture Managers can do everything a Viewer can, plus:
- Create, edit, and delete assets.
- Create and manage asset groups.
- Resolve asset conflicts (merge, split, dismiss).
- Create, edit, and delete policies.
- Create, edit, and delete rulesets.
- Trigger posture evaluations.
- Manage sensors (view details, link/unlink to assets, delete).
- Create and manage enrollment tokens.
- Create issues from findings (using configured integrations).
Admin
Designed for security team leads and platform operators who configure how AttackLens connects to external systems and how it behaves.
Admins can do everything a Posture Manager can, plus:
- Create, edit, and delete adapter connections (Azure, AWS, GCP).
- Trigger discovery syncs.
- View and manage discovery snapshots.
- Configure issue integrations (Jira, ServiceNow, GitHub).
- Configure the MCP server.
- View audit logs.
- Configure attack graph settings.
- Manage feed and update settings.
- Access sensor downloads management.
Super Admin
Full unrestricted access to every feature in AttackLens. Designed for the platform administrator responsible for the overall installation.
Super Admins can do everything an Admin can, plus:
- Create, edit, disable, and delete user accounts.
- Change user roles.
- Reset user passwords.
- Configure SSO / SAML settings.
- Access all system-level configuration.
Permission Matrix
The following tables provide a detailed breakdown of permissions by role. "Yes" indicates the role has that permission; "--" indicates it does not.
Dashboard and Overview
| Permission | Viewer | Posture Manager | Admin | Super Admin |
|---|---|---|---|---|
| View dashboard | Yes | Yes | Yes | Yes |
| View posture summary | Yes | Yes | Yes | Yes |
| View vulnerability summary | Yes | Yes | Yes | Yes |
| View attack graph summary | Yes | Yes | Yes | Yes |
Assets
| Permission | Viewer | Posture Manager | Admin | Super Admin |
|---|---|---|---|---|
| View assets | Yes | Yes | Yes | Yes |
| View asset details | Yes | Yes | Yes | Yes |
| Create assets | -- | Yes | Yes | Yes |
| Edit assets | -- | Yes | Yes | Yes |
| Delete assets | -- | Yes | Yes | Yes |
| Create asset groups | -- | Yes | Yes | Yes |
| Edit asset groups | -- | Yes | Yes | Yes |
| Delete asset groups | -- | Yes | Yes | Yes |
| Resolve asset conflicts | -- | Yes | Yes | Yes |
Inventory
| Permission | Viewer | Posture Manager | Admin | Super Admin |
|---|---|---|---|---|
| View inventory | Yes | Yes | Yes | Yes |
| View installed packages | Yes | Yes | Yes | Yes |
| View running services | Yes | Yes | Yes | Yes |
Findings
| Permission | Viewer | Posture Manager | Admin | Super Admin |
|---|---|---|---|---|
| View findings | Yes | Yes | Yes | Yes |
| View finding details | Yes | Yes | Yes | Yes |
| Create issues from findings | -- | Yes | Yes | Yes |
Vulnerabilities
| Permission | Viewer | Posture Manager | Admin | Super Admin |
|---|---|---|---|---|
| View vulnerabilities | Yes | Yes | Yes | Yes |
| View vulnerability details | Yes | Yes | Yes | Yes |
Attack Graph
| Permission | Viewer | Posture Manager | Admin | Super Admin |
|---|---|---|---|---|
| View attack graph | Yes | Yes | Yes | Yes |
| View attack paths | Yes | Yes | Yes | Yes |
| View chokepoints | Yes | Yes | Yes | Yes |
| View toxic combinations | Yes | Yes | Yes | Yes |
| Configure attack graph settings | -- | -- | Yes | Yes |
Policies and Rulesets
| Permission | Viewer | Posture Manager | Admin | Super Admin |
|---|---|---|---|---|
| View policies | Yes | Yes | Yes | Yes |
| Create / edit policies | -- | Yes | Yes | Yes |
| Delete policies | -- | Yes | Yes | Yes |
| View rulesets | Yes | Yes | Yes | Yes |
| Create / edit rulesets | -- | Yes | Yes | Yes |
| Delete rulesets | -- | Yes | Yes | Yes |
| Trigger evaluations | -- | Yes | Yes | Yes |
Discovery
| Permission | Viewer | Posture Manager | Admin | Super Admin |
|---|---|---|---|---|
| View adapters | Yes | Yes | Yes | Yes |
| Create / edit adapters | -- | -- | Yes | Yes |
| Delete adapters | -- | -- | Yes | Yes |
| Trigger discovery sync | -- | -- | Yes | Yes |
| View snapshots | Yes | Yes | Yes | Yes |
Sensors
| Permission | Viewer | Posture Manager | Admin | Super Admin |
|---|---|---|---|---|
| View sensors | Yes | Yes | Yes | Yes |
| View sensor details | Yes | Yes | Yes | Yes |
| Link / unlink sensors | -- | Yes | Yes | Yes |
| Delete sensors | -- | Yes | Yes | Yes |
| Create enrollment tokens | -- | Yes | Yes | Yes |
| Revoke / delete tokens | -- | Yes | Yes | Yes |
| Manage sensor downloads | -- | -- | Yes | Yes |
Integrations
| Permission | Viewer | Posture Manager | Admin | Super Admin |
|---|---|---|---|---|
| View integrations | Yes | Yes | Yes | Yes |
| Create / edit integrations | -- | -- | Yes | Yes |
| Delete integrations | -- | -- | Yes | Yes |
| Configure MCP server | -- | -- | Yes | Yes |
Settings
| Permission | Viewer | Posture Manager | Admin | Super Admin |
|---|---|---|---|---|
| View audit logs | -- | -- | Yes | Yes |
| Configure feed and updates | -- | -- | Yes | Yes |
| Configure attack graph | -- | -- | Yes | Yes |
| Configure SSO / SAML | -- | -- | -- | Yes |
User Management
| Permission | Viewer | Posture Manager | Admin | Super Admin |
|---|---|---|---|---|
| View users | -- | -- | -- | Yes |
| Create users | -- | -- | -- | Yes |
| Edit users | -- | -- | -- | Yes |
| Disable / enable users | -- | -- | -- | Yes |
| Delete users | -- | -- | -- | Yes |
| Reset passwords | -- | -- | -- | Yes |
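The hierarchy rule stated at the top of this page (each role inherits everything granted to the roles below it) means the whole matrix can be expressed as "the least-privileged role that holds each permission", with a deny-by-default check for anything not listed. The following is an added example, not AttackLens's own code or API: it encodes a subset of the permission names from the tables above, answers "can this role do X?", expands a role into its inherited permission set, and validates a full Yes/-- matrix for violations of the hierarchy rule (a permission granted to a lower role but withheld from a higher one). All function and variable names are my own.

```python
# Added example (not AttackLens's own code): a minimal hierarchical RBAC
# check modelled on the role hierarchy and permission matrix documented above.
# Permission strings are taken from the matrix; the data structures and
# function names are assumptions made for this example.
from typing import Dict, List

# Ordered from least to most privileged, as in the hierarchy diagram.
ROLE_ORDER: List[str] = ["Viewer", "Posture Manager", "Admin", "Super Admin"]
ROLE_RANK: Dict[str, int] = {role: i for i, role in enumerate(ROLE_ORDER)}

# The least-privileged role that holds each permission (a subset of the
# documented matrix). Because roles are hierarchical, every role at or
# above that rank inherits the permission.
MIN_ROLE_FOR_PERMISSION: Dict[str, str] = {
    "View dashboard": "Viewer",
    "View assets": "Viewer",
    "View policies": "Viewer",
    "View snapshots": "Viewer",
    "Create assets": "Posture Manager",
    "Delete policies": "Posture Manager",
    "Trigger evaluations": "Posture Manager",
    "Create enrollment tokens": "Posture Manager",
    "Create / edit adapters": "Admin",
    "View audit logs": "Admin",
    "Configure MCP server": "Admin",
    "Configure SSO / SAML": "Super Admin",
    "Create users": "Super Admin",
    "Reset passwords": "Super Admin",
}


def has_permission(role: str, permission: str) -> bool:
    """Deny by default: unknown roles and unknown permissions are refused."""
    if role not in ROLE_RANK:
        return False
    min_role = MIN_ROLE_FOR_PERMISSION.get(permission)
    if min_role is None:
        return False
    return ROLE_RANK[role] >= ROLE_RANK[min_role]


def permissions_for(role: str) -> List[str]:
    """Expand a role into its full (inherited) permission set."""
    return sorted(p for p in MIN_ROLE_FOR_PERMISSION if has_permission(role, p))


def check_hierarchy(matrix: Dict[str, Dict[str, bool]]) -> List[str]:
    """Validate a full Yes/-- matrix (role -> permission -> granted) against
    the hierarchy rule: a permission granted to a lower role must also be
    granted to every higher role. Returns a sorted list of violations
    (empty list means the matrix is consistent with the hierarchy)."""
    violations = []
    all_perms = {p for grants in matrix.values() for p in grants}
    for perm in all_perms:
        for lower, higher in zip(ROLE_ORDER, ROLE_ORDER[1:]):
            lower_has = matrix.get(lower, {}).get(perm, False)
            higher_has = matrix.get(higher, {}).get(perm, False)
            if lower_has and not higher_has:
                violations.append(f"{perm!r}: granted to {lower} but not {higher}")
    return sorted(violations)


if __name__ == "__main__":
    for role in ROLE_ORDER:
        print(f"{role}: {len(permissions_for(role))} permissions")
    # Constructed, deliberately inconsistent matrix for the validator.
    broken = {
        "Viewer": {"View audit logs": True},
        "Posture Manager": {"View audit logs": False},
        "Admin": {"View audit logs": True},
        "Super Admin": {"View audit logs": True},
    }
    print(check_hierarchy(broken))
```

The validator is the part worth keeping around: when a role matrix is maintained by hand, a permission that is accidentally granted to Viewer but not to Posture Manager silently breaks the "each role includes the roles below it" promise, and `check_hierarchy` catches that before the matrix is deployed.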
Best Practices
- Start with Viewer: When in doubt, assign the Viewer role. You can always upgrade later.
- Limit Super Admins: Only 1-2 users should have the Super Admin role. This reduces the risk of accidental or unauthorized changes to critical settings.
- Use Posture Manager for day-to-day work: Most security analysts need Posture Manager access to manage assets, policies, and sensors effectively.
- Review roles periodically: As team responsibilities change, review and adjust roles. The audit log tracks all role changes for accountability.
- Separate duties: In regulated environments, ensure that the person managing users (Super Admin) is not the same person managing security policies (Posture Manager) where possible.