User Roles and Permissions

Learn about the user roles and associated permissions.

Depending on your role, you may have access to an organization, specific pentests, or both.

Roles and Key Permissions
User Roles
User roles on the Cobalt platform
Pentest level:
  • Pentest Team Member:
    • Collaborates on a specific pentest.
    • Has no access to organization users and settings, unless the user is also an Organization Owner or Member.

Organization level:
  • Organization Owner:
    • Can create assets and pentests.
    • Manages organization users and settings.
    • Can create and manage groups.
    • Can’t collaborate on specific pentests, unless the user is also a Pentest Team Member on these pentests.
  • Organization Member:
    • Can create assets and pentests.
    • Can view organization users and settings.
    • Can view groups they are members of.
    • Can’t collaborate on specific pentests, unless the user is also a Pentest Team Member on these pentests.

Pentest + organization level:
Pentester Roles
Pentester roles on the Cobalt platform
Cobalt pentesters:
Customer pentesters:
Administrative Role
Cobalt Staff role on the Cobalt platform
  • Cobalt Staff: Has administrative access to your pentests and organization.

Pentest Team Member

A Pentest Team Member is a customer (organization) representative during a specific pentest. In the UI, you see this role as “Team Member.”

A Pentest Team Member has access to a specific pentest with the following permissions:

  • View and edit pentest details.
  • Manage findings for a pentest.
  • Collaborate on a pentest in the Cobalt app and in Slack.
  • Manage users for a pentest.
  • View pentest activity updates and pentester updates.
  • Manage integrations for a pentest: Jira and GitHub.

A Pentest Team Member has no access to any information related to the organization, unless they’re also an Organization Owner or Member.

Learn more.

Organization Roles

When a customer starts their journey with Cobalt, we add an Organization Owner who then invites other users. Here is an overview of organization roles and permissions.

PermissionOrganization MemberOrganization Owner
Create assets and pentests, edit assets
Change the group an asset is associated with
View all findings reported within an organization on the Findings page, within group permissions
View organization users and pentest collaborators on the People page
Manage integrations for an organization
Edit the organization profile
View the credits ledger
View the Insights page
Manage users for an organization
Create and manage groups
Manage security settings for an organization: two-factor authentication and SAML
Enable co-branded reports (for Cobalt partners)

Organization Owner

An Organization Owner is the administrator for a customer organization within the Cobalt app. In the UI, you see this role as “Owner.”

An Organization Owner has the following permissions:

An Organization Owner may also be a Pentest Team Member.

Organization Member

An Organization Member is a customer representative who manages pentests and assets for their organization on the Cobalt platform but has less permissions compared to an Organization Owner. In the UI, you see this role as “Member.”

An Organization Member has the following permissions:

An Organization Member may also be a Pentest Team Member.

Cobalt Pentesters

When you run pentests using the Cobalt Pentest as a Service (PtaaS) platform, Cobalt pentesters participate in the process. This group includes the following roles:

Pentester

A Pentester is a Cobalt pentester who completes pentests for Cobalt customers.

The responsibilities of a Pentester include:

  • Thoroughly test an asset for vulnerabilities based on the pentest scope and requirements.
  • Submit vulnerabilities (findings) and provide remediation tips.
  • Retest findings that the customer has remediated within a pentest.
  • Collaborate with the customer throughout a pentest.

Some Cobalt pentesters may be a Lead in one test, a Pentester in a second test, and possibly no role and no involvement in your other pentests.

Lead

A pentest Lead is a Cobalt pentester who leads other Cobalt pentesters in their efforts to complete a Comprehensive pentest. A pentest Lead also drafts a pentest report.

For Agile pentests, the corresponding role is Coordinator.

Coordinator

A pentest Coordinator is a Cobalt pentester who leads other Cobalt pentesters in their efforts to complete an Agile pentest.

For Comprehensive pentests, the corresponding role is Lead.

In-House Pentester

An In-House Pentester is a pentester invited by a customer (organization) to perform In-House pentests on the Cobalt Pentest Management Platform (PMP). An In-House Pentester role has the same privileges as a Pentest Team Member, with additional access to pentester functionality.

A customer can invite pentesters from their organization, a third-party company, or both to complete In-House pentests on the Cobalt Pentest Management Platform (PMP).

Learn how to complete an In-House pentest.

Cobalt Staff

Select Cobalt Staff members have administrative access to your organization and pentests. If needed, they can help you:

  • Manage users in your organization
  • Manage work on your pentests
Last modified December 18, 2024