Pre-defined roles
Feature availability
Group-level roles are available only with Enterprise Enterprise plans. For more information, see plans and pricing.
Snyk provides a set of standard user roles that can be assigned and managed using the Snyk Web UI or the Snyk API. The permission sets for pre-defined roles cannot be customized. Instead, Snyk recommends creating a custom role under Manage role in the Snyk Web UI.
The pre-defined roles Snyk provides are as follows:
Organization Admin: the standard role equivalent for Team Leads. Users with this role can add and delete Projects, override Snyk checks, and provision Group members with an Organization-level role.
Organization Collaborator: the standard role equivalent for Developers. This role is ideal for small teams or a developer-first organizational approach.
Group Admin: the standard role equivalent for the person in your company who oversees Snyk use at a high level, providing a full set of permissions at the Group and Organization level. This also means that a Group Admin is automatically an Organization Admin to all Organizations that sit under the Group, although they will not be visible in an Organization level list.
Group Viewer: a user who can access the Group level but requires Organization-level permissions to take actions in Snyk. This is normally used as a starting point during onboarding with Snyk to understand functions tied to Group permissions and design a custom Group role for post-deployment use.
Group Member: a non-functional user role added to your environment as a transition from Group Viewer if you do not yet wish to create a custom role after onboarding with Snyk. This means the permissions granted can vary depending on your requirements, as discussed with your Snyk contacts. Select the named role from the list under Manage Members in the Snyk Web UI to check the permissions assigned to your Group Member role.
Tenant Admin: a user who can access all Tenant products and settings. This role is reserved for account owners and admins only.
Tenant Viewer: a user who can see the list of all users of a Tenant, as well as all the Groups and Organizations set up for a Tenant.
Tenant Member: the default role of all users of a Tenant, but with no access to any Tenant level option.
Role types
Roles can be managed at the Organization, Group, and Tenant level.
Tenant-level roles do not provide entitlement to Group and Organization level roles.
Group-level roles contain permissions at both the Organization and the Group levels. Any Organization permissions added to a Group role will be granted to all Organizations in the Group. For example, the pre-defined Group role Group Viewer grants users a selection of view permissions on the Group, and also a selection of Organization-level viewer permissions to grant users who have that role read-only access to all Organizations in the Group.
Organization roles contain only permissions at the Organization level. Organization roles are useful for granting specific permissions for a selection of organizations.
You can use a combination of Organization and Group-level roles to grant specific access across your all roles. For example, if you want a user to have Organization Admin access to a particular Organization, but have read-only access to the rest of the Organizations in the Group, you can grant that user the Group Viewer role at the Group level and the Organization Admin role for the Organization you choose.
Organization-level permissions
This table details the Organization-level permissions that apply to each pre-defined role.
View Organization
Edit Organization
Remove Organization
View Organization Reports
View Project
Add Project
Edit Project
Project Status
Test Project
Move Project
Remove Project
View Project History
Edit Project Integrations
Edit Project Attributes
View Jira Issues
Create Jira Issues
Edit Project Tags
View Project Ignores
Create Project Ignores
Edit Project Ignores
Remove Project Ignores
Create Pull Requests
Mark Pull Request checks as successful
View Collections
Create Collections
Edit Collections
Delete Collections
View Service Accounts
Create Service Accounts
Edit Service Accounts
Remove Service Accounts
View Users
Invite Users
Manage Users
Add Users
Provision Users
User Leave
User Remove
View Integrations
Edit Integrations
Test Packages
View Billing
Edit Billing
View Entitlements
View Preview Features
Edit Preview Features
View Audit Logs
View Outbound Webhooks
Create Outbound Webhooks
Remove Outbound Webhooks
View Apps
Install Apps
Create Apps
Edit Apps
Delete Apps
View Environments
Create Environments
Delete Environments
Update Environments
View Scans
Create Scans
View Resources
View Artifacts
Create Artifacts
View Custom Rules
Create Custom Rules
Edit Custom Rules
Delete Custom Rules
View Container Image
Publish Kubernetes Resources
Snyk Learn Management
Group-level permissions
This table details the Group-level permissions that apply to each pre-defined role.
View groups
Edit group details
View group settings
Edit settings
View group notification settings
Edit group notification settings
View orgs
Add orgs
Remove orgs
Read roles
Create roles
Edit roles
Remove roles
View users
Add users to the group
Edit users in the group
Remove users
Delete users
Provision users
Assign and unassign roles
View service accounts
Create service accounts
Edit service accounts
Remove service accounts
View audit logs
View policies
Create policies
Edit policies
Delete policies
View reports
View tags
View IaC settings
Edit IaC settings
View feature flags
Edit feature flags
View request access settings
Edit request access settings
View SSO settings
Edit SSO settings
View Apps
Install Apps
Edit Apps
View AppRisk
Edit AppRisk
Access Insights
Tenant-level permissions
Tenant permissions are set and managed on the Tenant Members page. The available Tenant roles are: Tenant Admin, Tenant Viewer, and Tenant Member. For more information, see Manage users in a Tenant.
This table details the Tenant-level permissions that apply to each pre-defined role:
View Tenant
Edit Tenant
List Group
View Membership
Edit Membership
Edit Owner
Create SSO
Edit SSO
View SSO
Delete SSO
View User
View Report
View Billing
Last updated
Was this helpful?