Roles and permissions
Roles in your organization are divided into two levels: organization-level roles and application-level roles. This page describes all the roles, and what each role can do.
Organization-level roles
- Organization Admin: Sets up your organization's Polaris account and manages users and groups within it. Each organization has at least one Organization Admin.
- Organization Application Manager: Has full access to all applications within the organization.
Note: You can assign organization-level roles to users or groups. Most users don't have organization-level permissions, but receive application-level permissions from an Application Admin. No Global Role refers to users who don't have organization-level permissions.
Application-level roles
- Application Admin: The owner of one or more applications.
- Contributor: A user with access to an application who can create and manage projects, run tests, and triage issues.
- Member: A user with access to an application who can do everything a contributor can do, except create, update, or delete projects.
- Observer: A user with access to an application who can view projects, test results, and issues, but cannot run tests or triage issues.
Note: After you add a user or group to an application, you can set the user or group's application-level role.
Roles and permissions tables
Permission | Organization Admin | Organization Application Manager | Application Admin | Application Contributor | Application Member | Application Observer |
---|---|---|---|---|---|---|
Role level | Organization-level | Organization-level | Application-level | Application-level | Application-level | Application-level |
Entitlements (controlled at the Application level) | ||||||
View entitlements | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Allocate entitlements to the application | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Application | ||||||
Create applications | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View applications | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Update applications | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Delete applications | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Project | ||||||
Create projects | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View projects | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Update projects | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Delete projects | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Branch | ||||||
Create branch | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View branch | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Update branch | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Delete branch | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Assign policies to branch | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Tags | ||||||
Create tags | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View tags | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Update tags | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
User Management | ||||||
Add users | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Assign users to specific applications | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Reset two-factor authentication for user | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View users assigned to application-level roles | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Assign/unassign other users to application-level roles | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View list of application roles | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Group Management | ||||||
Create groups | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View a list of all groups | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View groups you belong to | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View a group's members | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View a group's organization-level role | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View a group's application-level role | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Update a group's name | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Update a group's organization-level role | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Update a group's application-level role | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Add or remove group members | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Delete groups | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Scanning/Test Management | ||||||
Start scan | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View scan | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Pause scan (update) | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Cancel scan (delete) | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Issue Remediation | ||||||
Update issue (not triaged/to be fixed) | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Delete issue (dismiss) | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View issue history | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Polaris Assist | ||||||
Enable/disable Polaris Assist | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Use Polaris Assist | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Issue tracking integrations | ||||||
Create organization-level issue tracking connections | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View organization-level issue tracking connections | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Update organization-level issue tracking connections | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Delete organization-level issue tracking connections | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Create project-level issue tracking connection | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View project-level issue tracking connection | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Update project-level issue tracking connection | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Export issues to Azure DevOps/Jira | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View links to exported issues | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Secure Code Warrior Integration | ||||||
Enable/disable integration | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Dashboard | ||||||
View dashboard | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Manage default filters | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Reporting | ||||||
Create and download report | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Delete report | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Create report configuration | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Update report configuration | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Delete report configuration | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Audit | ||||||
View audit log | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Download audit log | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Policy | ||||||
Create policy | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Assign/unassign policy to project | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Update policy | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Delete policy | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View policy applied to project | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Receive policy notifications | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Notifications | ||||||
Manage global notification settings | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
SCM Repository Configuration | ||||||
Create SCM repository connection | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Bulk onboard applications and projects | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Integrate individual repositories/bulk onboarding projects into application | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
View SCM repository connection | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Update SCM repository connection | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Test SCM repository connection | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Cancel bulk onboarding of applications and projects | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Cancel bulk onboarding of projects into applications | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Component | ||||||
View component | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Update component triage status | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Export SBOM (report) | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
License | ||||||
View license | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
Update License (Pick license) | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |