Project Roles and Permissions

The following table lists the various roles and associated permissions used to manage a given project in Code Insight. The project creator automatically becomes the initial Project Contact and Project Administrator. In turn, a Project Administrator can assign Analyst, Reviewer, and Observer roles to Code Insight users, as well as create other Project Administrators. The Project Administrator can also remove users from any of these roles. For more information, see Assigning or Removing Project User Roles in this guide.

Users can be assigned multiple project roles.

Project Roles and Permissions
			Roles
			Analyst	Reviewer	Observer*	Proj. Contact	Proj. Admin	Sys. Admin
Responsibility	Permissions	Notes
Manage project	Reassign the project contact		X	X	X
	Manage project users		X	X	X	X		X
	Rename the project		X	X	X	X		X
	Create/edit custom field values for a project (including SBOM Bucket Name)		X	X	X	X		X
	Move projects in Projects pane		X	X	X	X		X
	Manage scan settings		X	X	X	X		X
	Manage review/remediation settings		X	X	X	X		X
	Manage Source Control Management (SCM) and Application Lifecycle (ALM) instances		X	X	X	X		X
	Delete the project		X	X	X	X		X
	Branch or copy the project		X	X	X	X		X
Invoke/stop scans				X	X	X		X
Upload codebases				X	X	X		X
Import/export project data				X	X	X		X
Assign project to an SBOM bucket			X	X	X	X		X
Export to SBOM Insights				X	X	X	X	X
View project inventory								**
Analyze, suppress, unsuppress security vulnerabilities	Developer Contact, Security Contact, or System Administrator only
Review project inventory	Recall inventory				X	X	X	X
	Approve/reject inventory		X		X	X	X	X
	Set inventory priority		X		X	X	X	X
	Edit/create inventory	Only Analysts have access to the Add Item and Edit Item buttons to create/edit project inventory properties.		X	X	X	X	X
	Create and manage work items in the project’s associated ALM (application life cycle management) system		X		X	X	X	X
	Update Notices text and notes	This permission refers to inventory’s Notices Text field (on the Notices Text tab) and the information on the Notes & Guidance tab (except Detection Notes).			X	X	X	X
	Edit custom field values on the Inventory Details tab				X	X	X	X
	View evidence found in files listed on the Associated Files tab and manage the inventory’s file associations	For Analysts only, the file path for an associated file is hyperlinked, enabling them to open to the file’s File Details tab in Analysis Workbench to view evidence. In Analysis Workbench, Analysts can also add/remove files associated with inventory.		X	X	X	X	X
	Force automatic review by policy across all inventory in the project		X		X	X	X	X
Use Analysis Workbench	View/analyze codebase files			X	X	X	X	X
	Edit alerts			X	X	X	X	X
	Create, edit, and recall inventory and manage custom detection rules			X	X	X	X	X
	Edit Notices Text field on Notices Text tab			X	X	X	X	X
	Edit Audit Notes field on the Notes tab			X	X	X	X	X
	Edit custom field values on the Custom Fields tab			X	X	X	X	X
Generate reports		Any user (not just one with a project role) can generate reports. For a “private” project, the Observer is considered an “any user”, restricted to viewing project inventory and generating reports.

* The Observer role is available for only projects defined as “Private”. Private projects are hidden from all users except the Project Contact, the System Administrator (restricted to Summary tab only), and those users assigned as Project Administrators, Analysts, Reviewers, and Observers of the project. An Observer is limited to viewing project inventory and generating reports for the “Private Project”.

** In general, a System Administrator has permission to access both public and private projects. However, the Project Inventory tab for a private project is visible to a System Administrator only if the user assigned to the System Administrator role is also assigned to a role in the project (Project Administrator, Project Contact, Observer, Analyst, or Reviewer).