Members & Roles
Understand team roles (Owner, Admin, Member) and their permissions.
Each team member has a role that determines what they can do within the team.
Roles
Owner
The team creator is automatically assigned the Owner role. Owners have full control over the team:
- Manage all products, releases, SBOMs, and VEX documents
- Approve and publish VEX documents
- Invite and remove team members
- Change member roles
- Manage billing and subscription
- Access and export audit logs
- Delete the team account
Admin
Admins have elevated permissions for day-to-day management:
- Manage all products, releases, SBOMs, and VEX documents
- Approve and publish VEX documents
- Invite team members
- Access and export audit logs
- Cannot manage billing or delete the team
Member
Members can perform most vulnerability management tasks:
- Create and manage products, releases, and SBOMs
- Triage vulnerabilities and set dispositions
- Generate and submit VEX documents for review
- View audit logs
- Cannot approve or publish VEX documents
- Cannot manage team members or billing
Permissions summary
| Action | Owner | Admin | Member |
|---|---|---|---|
| Manage products & releases | Yes | Yes | Yes |
| Upload & manage SBOMs | Yes | Yes | Yes |
| Triage vulnerabilities | Yes | Yes | Yes |
| Generate VEX documents | Yes | Yes | Yes |
| Submit VEX for approval | Yes | Yes | Yes |
| Approve/reject VEX | Yes | Yes | No |
| Publish VEX | Yes | Yes | No |
| Invite members | Yes | Yes | No |
| Remove members | Yes | No | No |
| Change member roles | Yes | No | No |
| Manage billing | Yes | No | No |
| Export audit logs | Yes | Yes | Yes |
Changing a member's role
1. Navigate to Members in the sidebar
2. Find the member in the list
3. Click the role dropdown next to their name
4. Select the new role
Only Owners can change member roles.