Overview
Zenable uses Role-Based Access Control (RBAC) to manage who can do what within your organization. The system follows these principles:
- Permissions are atomic actions (e.g., “edit requirements”)
- Roles bundle permissions together (e.g., “Admin” has many permissions)
- Users are assigned roles directly or via identity provider groups
System Roles
Zenable provides six predefined roles that cover common access patterns:
| Role | Description | Key Capabilities |
|---|---|---|
| Viewer | Read-only access | View requirements, users, integrations, settings |
| Contributor | Create and edit content | All Viewer permissions + write/export requirements |
| Admin | Full admin access except billing | All Contributor + manage users, roles, integrations, audit logs |
| Owner | Complete access | All Admin + billing management |
| Billing Administrator | Financial access | View everything + manage billing and invoices |
| Security Auditor | Audit access | View and export audit logs only |
Custom roles are available on Enterprise plans. Contact us to learn more.
RBAC Audit Logging
RBAC Audit logging is available on Professional and Enterprise plans only. Log exporting requires an Enterprise plan.
All role and permission assignments and revocations are logged for compliance, including any provided reason.
Audit logs cannot be deleted by users regardless of role.
Audit logs are accessed through the Audit section of the management console; viewing them requires the audit:read permission.
Role Permission Matrix
| Permission | Viewer | Contributor | Admin | Owner | Billing Admin | Security Auditor |
|---|---|---|---|---|---|---|
| requirements:read | ✓ | ✓ | ✓ | ✓ | ✓ | |
| requirements:write | | ✓ | ✓ | ✓ | | |
| requirements:delete | | | ✓ | ✓ | | |
| requirements:export | | ✓ | ✓ | ✓ | | |
| users:read | ✓ | ✓ | ✓ | ✓ | ✓ | |
| users:invite | | | ✓ | ✓ | | |
| users:remove | | | ✓ | ✓ | | |
| users:manage_roles | | | ✓ | ✓ | | |
| billing:read | | | | ✓ | ✓ | |
| billing:manage | | | | ✓ | ✓ | |
| billing:view_invoices | | | | ✓ | ✓ | |
| audit:read | | | ✓ | ✓ | | ✓ |
| audit:export | | | ✓ | ✓ | | ✓ |
| integrations:read | ✓ | ✓ | ✓ | ✓ | ✓ | |
| integrations:manage | | | ✓ | ✓ | | |
| settings:read | ✓ | ✓ | ✓ | ✓ | ✓ | |
| settings:manage | | | ✓ | ✓ | | |
| feature_flags:read | | | ✓ | ✓ | | |
| feature_flags:manage | | | ✓ | ✓ | | |
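The matrix above and the RBAC Audit Logging section describe a model that is easy to get wrong when reasoning about effective access by hand, especially for users who hold several roles or when picking the narrowest role for a task. The following is an added example, not Zenable's code: it transcribes the documented matrix into data, verifies the supersets the System Roles table claims, computes effective permissions and least-privilege role choices, and models an append-only audit log. The `AuditLog` and `change_role` names, and the rule that multiple roles combine by union, are assumptions made for illustration.

```python
"""Added example (not Zenable's code): the documented role/permission matrix as
data, plus checks a tenant admin can run over it. Role and permission names are
transcribed from the matrix; AuditLog, change_role and the union rule for users
holding several roles are assumptions for illustration."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable

# Transcribed from the Role Permission Matrix.
ROLE_PERMISSIONS: dict[str, frozenset[str]] = {
    "Viewer": frozenset({
        "requirements:read", "users:read", "integrations:read", "settings:read"}),
    "Contributor": frozenset({
        "requirements:read", "requirements:write", "requirements:export",
        "users:read", "integrations:read", "settings:read"}),
    "Admin": frozenset({
        "requirements:read", "requirements:write", "requirements:delete",
        "requirements:export", "users:read", "users:invite", "users:remove",
        "users:manage_roles", "audit:read", "audit:export",
        "integrations:read", "integrations:manage", "settings:read",
        "settings:manage", "feature_flags:read", "feature_flags:manage"}),
    "Owner": frozenset({
        "requirements:read", "requirements:write", "requirements:delete",
        "requirements:export", "users:read", "users:invite", "users:remove",
        "users:manage_roles", "billing:read", "billing:manage",
        "billing:view_invoices", "audit:read", "audit:export",
        "integrations:read", "integrations:manage", "settings:read",
        "settings:manage", "feature_flags:read", "feature_flags:manage"}),
    "Billing Administrator": frozenset({
        "requirements:read", "users:read", "integrations:read", "settings:read",
        "billing:read", "billing:manage", "billing:view_invoices"}),
    "Security Auditor": frozenset({"audit:read", "audit:export"}),
}

def effective_permissions(roles: Iterable[str]) -> frozenset[str]:
    """Union of the permissions of every role a user holds (directly or via IdP
    groups). Assumption: roles combine by union; the docs do not state the rule.
    An unknown role name raises KeyError, i.e. the check fails closed."""
    perms: set[str] = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS[role]
    return frozenset(perms)

def has_permission(roles: Iterable[str], permission: str) -> bool:
    return permission in effective_permissions(roles)

def least_privilege_roles(required: set[str]) -> list[str]:
    """System roles covering every required permission, fewest extras first,
    so the narrowest role for a task is the first entry."""
    covering = [r for r, p in ROLE_PERMISSIONS.items() if required <= p]
    return sorted(covering, key=lambda r: len(ROLE_PERMISSIONS[r] - required))

def documented_hierarchy_holds() -> bool:
    """Verify the supersets the System Roles table claims:
    Viewer < Contributor < Admin < Owner, and Owner = Admin + billing."""
    p = ROLE_PERMISSIONS
    billing = {x for x in p["Owner"] if x.startswith("billing:")}
    return (p["Viewer"] < p["Contributor"] < p["Admin"] < p["Owner"]
            and p["Owner"] == p["Admin"] | billing
            and p["Security Auditor"] == {"audit:read", "audit:export"})

@dataclass(frozen=True)
class AuditEntry:
    at: str
    actor: str
    action: str   # "grant" or "revoke"
    subject: str
    role: str
    reason: str

class AuditLog:
    """Hypothetical append-only store. There is deliberately no delete method,
    mirroring 'audit logs cannot be deleted by users regardless of role'."""
    def __init__(self) -> None:
        self._entries: list[AuditEntry] = []

    def append(self, entry: AuditEntry) -> None:
        self._entries.append(entry)

    def read(self, reader_roles: Iterable[str]) -> tuple[AuditEntry, ...]:
        if not has_permission(reader_roles, "audit:read"):
            raise PermissionError("audit:read is required to view audit logs")
        return tuple(self._entries)

def change_role(log: AuditLog, actor: str, actor_roles: Iterable[str],
                subject: str, role: str, action: str, reason: str) -> AuditEntry:
    """Grant or revoke a role; every change is recorded with its reason."""
    if not has_permission(actor_roles, "users:manage_roles"):
        raise PermissionError("users:manage_roles is required")
    if role not in ROLE_PERMISSIONS or action not in ("grant", "revoke"):
        raise ValueError("unknown role or action")
    entry = AuditEntry(datetime.now(timezone.utc).isoformat(), actor, action,
                       subject, role, reason)
    log.append(entry)
    return entry
```

`least_privilege_roles({"audit:read"})` returns `Security Auditor` first because it grants only one permission beyond the requested one, which is the choice a least-privilege review wants; `documented_hierarchy_holds()` is the kind of consistency check worth re-running whenever the matrix is edited.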
Permissions by Category
Requirements
| Permission | Description |
|---|---|
| requirements:read | View and search requirements, scopes, guardrails, and reviewer context |
| requirements:write | Create and edit requirements, scopes, guardrails, and reviewer context |
| requirements:delete | Permanently delete requirements, scopes, guardrails, and reviewer context |
| requirements:export | Export requirements to external formats |
Users
| Permission | Description |
|---|---|
| users:read | View team members |
| users:invite | Invite new users |
| users:remove | Remove users from tenant |
| users:manage_roles | Assign and revoke roles |
Billing
| Permission | Description |
|---|---|
| billing:read | View billing information |
| billing:manage | Modify subscription |
| billing:view_invoices | Download invoices |
Audit
| Permission | Description | Minimum Tier |
|---|---|---|
| audit:read | View audit logs | Professional |
| audit:export | Export audit logs | Enterprise |
Integrations
| Permission | Description |
|---|---|
| integrations:read | View configured integrations |
| integrations:manage | Add, remove, and configure integrations |
Settings
| Permission | Description |
|---|---|
| settings:read | View tenant settings |
| settings:manage | Modify tenant configuration |
Feature Flags
| Permission | Description |
|---|---|
| feature_flags:read | View feature flags |
| feature_flags:manage | Enable or disable feature flags |