Permissions in Vulnman

Explains the different permissions and roles in Vulnman

Vulnman comes with the following default roles and permission levels:

Roles

Pentesters
Members of the pentester group can be added to different projects. Being added to a project grants the user permission to change, delete and view the project and its assets. Pentesters do not have permission to add contributors to a project, with the exception of the project creator. Pentesters are allowed to create new clients and to create and invite their employees.
Vendors
A vendor is allowed to use the Responsible Disclosure application. The vendor is allowed to comment on shared vulnerabilities.
Customers
Customers are low-privileged users. They can be added to projects.
Bughunters
Bughunters only have permissions to access the Responsible Disclosure application and manage vulnerabilities there. No permissions to projects are granted.

Project Contributor Roles

If a new contributor is added to a project, the following roles are available:

Read Only
Contributors with this role are not allowed to change assets or other objects belonging to the project.
Pentester
Pentesters are allowed to edit project-related objects.
Last modified November 14, 2022: mention bughunter role (b403d90)