Roles
Note: This capability is currently in Early Access (EA) and is not generally available. To request access, contact OX technical support.
Roles define what users can view and do in OX by combining page access and action permissions, so you can align platform access with organizational responsibilities.
OX provides built-in immutable roles and the ability to define custom roles that match your organization’s structure.

How permissions work
Permissions in OX are structured and interdependent.
Access is defined in two layers:
Page permissions determine whether a page appears in navigation.
Action permissions determine what can be done inside that page.
Actions only work when the related page permission is selected. If page access is not granted, the page is hidden, and its actions cannot be used. For example, if the View Issues permission is not selected, actions such as Fix issue, Open PR, or Create Tickets cannot be performed.
When creating a role, always select the required page permissions first, then enable the necessary actions.
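The dependency rule above can be checked before a role is saved. The following Python is an added example, not OX code or an OX API: the role format (a plain collection of permission names) and the function names are hypothetical, and the dependency rows are copied from the permissions reference on this page. Following dependency chains transitively (Edit roles needs View roles, which needs View users) is an assumption that the page does not state.

```python
# Added example. Rows copied from this page's permissions reference
# (permission -> what it depends on); only a subset is included.
PAGE_ROWS = {
    "View issues": [],
    "Fix issue": ["View issues"],
    "Open PR": ["View issues"],
    "Create tickets": ["View Issues"],
    "View SLA settings": [],
    "Edit SLA": ["View SLA settings"],
    "View users": [],
    "View roles": ["View users"],
    "Edit roles": ["View roles"],
    "View BOM overview page": [],
    "View SBOM": ["View BOM Overview page"],
}
# The page's capitalisation varies ("View Issues" / "View issues"), so compare lowercased.
REQUIRES = {k.lower(): {d.lower() for d in v} for k, v in PAGE_ROWS.items()}


def required_for(permission, seen=None):
    """Every prerequisite of `permission`, following chains (assumed transitive)."""
    seen = set() if seen is None else seen
    for dep in REQUIRES[permission.lower()]:
        if dep not in seen:
            seen.add(dep)
            required_for(dep, seen)
    return seen


def audit_role(selected):
    """Map each selected permission to the prerequisites the role is missing."""
    chosen = {p.lower() for p in selected}
    unknown = sorted(chosen - set(REQUIRES))
    if unknown:
        raise ValueError(f"not in the reference subset: {unknown}")
    gaps = {}
    for perm in sorted(chosen):
        missing = sorted(required_for(perm) - chosen)
        if missing:
            gaps[perm] = missing
    return gaps


def least_privilege_set(wanted):
    """Smallest selection that makes every wanted permission usable."""
    result = set()
    for perm in wanted:
        result |= {perm.lower()} | required_for(perm)
    return sorted(result)
```

An empty result from `audit_role` means every selected action has its prerequisites; a non-empty one lists actions that would be selected but unusable.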
Built-in roles
OX includes predefined roles for common responsibilities.
Admin: Full access across the platform
Policy Manager: Manage and enforce policies
Developer: Investigate and remediate issues
Read Only: View platform data without making changes
Custom roles
Custom roles allow you to enforce least-privilege access and clearly separate operational responsibilities across teams. By defining granular page and action permissions, you can restrict exposure to sensitive configuration areas while granting teams only the access required for their function.
You can define custom roles from scratch or by duplicating and editing existing roles.
To duplicate an existing role:
Go to Settings > Roles.
Click the three dots next to the role you want to duplicate and select Duplicate. The Edit Role page appears with all the role settings defined for the role you selected.

Edit the role settings and select Update Role.
To create a role from scratch:
Go to Settings > Roles.
Select Create Role.
Enter a role name and optional description.
Select the required page permissions and actions you want to allow.
Select Create Role.
Review the role before saving to ensure all required page permissions are included.
To assign users to a role:
Go to Settings > Users.
Select a user.
Select Edit user (role/scope).
Choose a role.
Select Save.
Permissions reference
The following table reflects the current roles configuration model, including permission dependencies.
Permission | Description | Depends on

General
Initiate scan | Run regular scans | -

Dashboard
View dashboard | Allows viewing the Dashboard page | View issues, View applications, View policies, View pipelines, View SBOM, View API BOM, View Artifact BOM, View Cloud BOM, View SaaS BOM, View SLA Settings

Issues
View issues | Access Issues page | -
Export issues | Export issue data | View issues
Add/edit comments | Modify comments | View issues
Delete comments | Remove comments | View issues
Start ChatGPT | Use AI assistance | View issues
View code fix | View remediation | View issues
Fix issue | Mark issue as fixed | View issues
Open PR | Create a pull request | View issues
Exclude and snooze issue | Exclude or temporarily hide issue; remove exclusions | View issues
Report false positive | Mark as false positive | View issues
Cancel Report False Positive | Cancel false positive status | View issues
Change severity | Modify severity | View issues
Edit SLA | Modify SLA | View SLA settings
Import Issues | Import issue data | View Issues
Create tickets | Create external tickets | View Issues
Link tickets | Link issues to tickets | View issues
Unlink tickets | Remove ticket link | View issues
Triage issues | Perform triage | View issues
Send Issue to messenger | Send issue to messaging integration | View issues

Filters
Edit public filter | Modify shared filters | -
Delete public filter | Delete shared filters | -

Applications
View applications | Access Applications page | -
Scan single application | Run targeted scan | View issues
Edit configuration | Modify configuration | View applications
View tags | View tags | View applications
Edit tags | Modify tags: add/delete tags, edit existing tags | View applications
Read app owners | View owners | View applications
Assign/add app owner | Assign owners | View applications
Delete app owner | Remove owners | View applications
Make app irrelevant | Mark irrelevant/relevant | View applications
Assign/reset containers | Manage containers | View applications
Set priority | Set priority | View applications
Export (application info, PBOM, SBOM) | Export data | View applications

Connectors
View connectors | Access Connectors page | -
Add/change connectors | Add or modify connectors | View connectors
Delete connectors | Remove connectors | View connectors
Upload connector config | Upload configuration | View connectors
Download connector config | Download configuration | View connectors

Pipeline
View pipelines | Access pipelines | -

Policies
View policies | Access policies | -
Edit policies | Modify policies; enable/disable policies | View policies

Exclusions
View exclusions | Access exclusions | View issues

BOM
View BOM overview page | Access BOM overview | -
View SBOM | Access SBOM | View BOM Overview page
View API BOM | Access API BOM | View BOM Overview page
View Artifact BOM | Access Artifact BOM | View BOM Overview page
View SaaS BOM | Access SaaS BOM | View BOM Overview page
View Cloud BOM | Access Cloud BOM | View BOM Overview page

Agentic Pentest
Access Agentic Pentest | Access DAST area | -

Workflows
View workflows | Access workflows | View issues, View connectors, View policies
Edit workflows | Manage workflows | View issues, View connectors, View policies, View users, View Code Fix

Audit Logs
View audit logs | Access logs | -

Users
View users | Access Users page | -
Edit/invite users | Modify users | View users
Remove user | Remove users | View users
View roles | View roles | View users
Edit roles | Modify roles | View roles
Delete roles | Delete roles | View roles

Organization
Delete organization | Delete organization | View organization info
View org units | View org units | View organization info
Edit org units | Modify org units | View Org Units
Delete org units | Delete org units | View Org Units

Settings
Edit organization settings | Modify organization settings | -
Edit usability settings | Modify usability | -
Edit scan settings | Modify scan behavior | -
Edit application settings | Modify application defaults | -
Edit AI settings | Modify AI configuration | -
Edit notification settings | Modify notification settings | -
Edit login settings | Modify login settings | -
Edit API key settings | Manage API keys | -
View API keys for all users | View user API keys | -
Edit API keys for all users | Manage user API keys for all users | -
Edit CI/CD Integration API keys | Manage CI/CD keys | -
Edit API Integration keys | Manage API keys | -
Edit API K8s Inspector/Runtime Sensor Integration API keys | Manage K8s integration keys | -
Edit IDE/CLI Integration API keys | Manage IDE/CLI keys | -
Edit MCP Integration API keys | Manage MCP keys | -
Edit Audit Logs Exporter settings | Modify audit exporter | -
Edit Secrets | Modify secret settings to meet specific requirements | -
Edit Pipeline settings | Modify pipeline configuration | -
View SLA settings | Access SLA configuration | -
Edit SLA settings | Modify SLA configuration | View SLA settings
Edit Ticketing and Messaging settings | Modify integrations related to ticketing and messaging | -
Edit view settings | Modify view configuration | -
Edit Executive report settings | Modify executive report settings | View executive reports, View application owners, View application tags, View org units, Edit org units, Delete org units

Reports
View Reports page | Access Reports page | View issues, View applications, View SBOM, View SLA settings, View users, View org units
Edit Reports | Modify reports | View issues, View applications, View SBOM, View users, View SLA settings, View org units
View Executive reports | View executive report | View issues, View applications, View application tags, View application owners, View SBOM, View users, View SLA settings, View org units

OSC&R
View OSC&R | Access OSC&R report | -
