Roles 
Roles let you define the applications, projects, and organization settings that users with a specific role can access.
Note
This feature is supported for hosted customers only and is in preview mode. For access to this feature, contact Contrast support.
On-premises customers manage access to Contrast by setting up organization users and groups.
Contrast provides a set of built-in roles or you can add custom roles.
Roles tab
The Roles tab displays the list of existing roles. From this tab, you can:
View a list of roles.
Use search to find specific roles.
Built-in roles and actions
Each action associated with a role provides permissions for a specific set of tasks and data.
Note
You cannot change the settings for the built-in roles. To view the settings for roles, select the View icon (
).
Organization roles
This role: | Includes these built-in resource groups: | And these actions: |
|---|---|---|
Organization viewer | All organization settings | View organization |
Organization editor | All organization settings | Edit organization settings |
Organization administrator | All access control settings All organization settings | Manage organization Manage platform organization |
Organization rules administrator | All organization settings | Manage organization rules |
App Security roles
This role: | Includes these built-in resource groups: | And these actions: |
|---|---|---|
App Security administrator | All applications All organization settings All projects | Manage application rule View, edit, delete projects View organization |
DevOps roles
This role: | Includes the built-in resource groups: | And these actions: |
|---|---|---|
DevOps administrator | All applications All organization settings All projects All resource groups All roles All user access groups | Manage organization View application View project View organization |
Application roles
This role | Includes these built-in resource groups: | And these actions: |
|---|---|---|
Application viewer | All applications | View application |
Application editor | All applications | Edit application |
Application administrator | All applications | Manage application |
Application rules administrator | All applications | Manage application rule |
Scan project roles
This role: | Includes these built-in resource groups: | And these actions: |
|---|---|---|
Project viewer | All projects | View project |
Scan uploader | All projects | Upload scans |
Project administrator | All projects | View, edit, delete projects Create project |
Protect roles
This role: | Includes these built-in resource groups: | And these actions: |
|---|---|---|
Protect viewer | All applications | Access Protect |
Protect policies administrator | All applications | Manage Protect policies |
Protect exclusions administrator | All Protect exclusions | Manage Protect exclusions |
Protect sensitive data administrator | All Protect sensitive data policies | Manage protect sensitive data policies |
Serverless roles
This role: | Includes these built-in resource groups: | And these actions: |
|---|---|---|
Serverless user | All functions | View Serverless |