# Auditor role template This is a Group-level read-only role, meaning an Auditor can only view certain areas and functions in Snyk and cannot create PRs, Projects, and more. This role can view issues, results of scans, and reports. An Auditor often verifies that there is a scan snapshot for a particular resource or Snyk Project. The Auditor may be external to the company. ## Group-level permissions To create this role, enable the following permissions in the relevant categories: ### Group Management

Permission	Enabled?
View Groups	true
Edit Group details	false
View Group settings	false
Edit settings	false
View Group notification settings	false
Edit Group notification settings	false

### Organization management

Permission	Enabled?
View Organizations	true
Edit Organizations	false
Remove Organizations	false

### Snyk Essentials management

Permission	Enabled?
View Snyk Essentials	true
Edit Snyk Essentials	false

### Audit Log management

Permission	Enabled?
View Audit Logs	true

### Insights management

Permission	Enabled?
Access Insights	true

### Reports management

Permission	Enabled?
View reports	true

### Security and License Policies

Permission	Enabled?
View Policies	true
Create Policies	false
Edit Policies	false
Delete Policies	false

### User management

Permission	Enabled?
View users	true
Invite users	false
Manage users	false
Add users	false
Provision users	false
User Leave	false
User Remove	false

The remaining categories of permissions listed below should have all permissions within them set to disabled: * IaC settings management * Issue management * Request access management * Role management * Service account management * Snyk Apps management * Snyk Preview management * SSO settings management * Tags management ## Organization-level permissions To create this role, enable the following permissions in the relevant categories: ### Organization management

Permission	Enabled?
View Organization	true
Edit Organization	false
Remove Organization	false

### Audit Log management

Permission	Enabled?
View audit logs	true

### Collection management

Permission	Enabled?
View Collections	true
Create Collection	false
Edit Collections	false
Delete Collections	false

### Container Image management

Permission	Enabled?
View container image	true
Create container image	false
Edit container image	false

### Integration management

Permission	Enabled?
View integrations	true
Edit integrations	false

### Project management

Permission	Enabled?
View Project	true
Add Project	false
Edit Project	false
Edit Project status	false
Test Project	false
Move Project	false
Remove Project	false
View Project history	true
Edit Project integrations	false
Edit Project attributes	false
View Jira issues	true
Create Jira issues	false
Edit Project Tags	false

### Project Ignore management

Permission	Enabled?
View Project Ignores	true
Create Project Ignores	false
Edit Project Ignores	false
Remove Project Ignores	false

### Reports management

Permission	Enabled?
View Organization reports	true

### Snyk Cloud management

Permission	Enabled?
View environments	false
Create environments	false
Delete environments	false
Update environments	false
View scans	true
Create scans	false
View resources	true
View artifacts	true
Create artifacts	false
View Custom Rules	false
Create Custom Rules	false
Edit Custom Rules	false
Delete Custom Rules	false

### Webhook management

Permission	Enabled?
View Outbound Webhooks	true
Create Outbound Webhooks	false
Remove Outbound Webhooks	false

The remaining categories of permissions listed below should have all permissions within them set to disabled: * Billing management * Entitlement management * Kubernetes Integration management * Package management * Project pull request management * Service account management * Snyk Apps management * Snyk Preview management * User management