Pre-defined roles

Snyk provides a set of standard user roles that can be assigned and managed using the Snyk Web UI or the Snyk API. The permission sets for pre-defined roles cannot be customized. Instead, Snyk recommends creating a custom role under Manage role in the Snyk Web UI.

The pre-defined roles Snyk provides are as follows:

  • Organization Admin: the standard role equivalent for Team Leads. Users with this role can add and delete Projects, override Snyk checks, and provision Group members with an Organization-level role.

  • Organization Collaborator: the standard role equivalent for Developers. This role is ideal for small teams or a developer-first organizational approach.

  • Group Admin: the standard role equivalent for the person in your company who oversees Snyk use at a high level, providing a full set of permissions at the Group and Organization level. This also means that a Group Admin is automatically an Organization Admin to all Organizations that sit under the Group, although they will not be visible in an Organization level list.

  • Group Viewer: a user who can access the Group level but requires Organization-level permissions to take actions in Snyk. This is normally used as a starting point during onboarding with Snyk to understand functions tied to Group permissions and design a custom Group role for post-deployment use.

  • Group Member: a non-functional user role added to your environment as a transition from Group Viewer if you do not yet wish to create a custom role after onboarding with Snyk. This means the permissions granted can vary depending on your requirements, as discussed with your Snyk contacts. Select the named role from the list under Manage Members in the Snyk Web UI to check the permissions assigned to your Group Member role.

  • Tenant Admin: a user who can access all Tenant products and settings. This role is reserved for account owners and admins only.

  • Tenant Viewer: a user who can see the list of all users of a Tenant, as well as all the Groups and Organizations set up for a Tenant.

  • Tenant Member: the default role of all users of a Tenant, but with no access to any Tenant level option.

Role types

Roles can be managed at the Organization, Group, and Tenant level.

Tenant-level roles do not provide entitlement to Group and Organization level roles.

Group-level roles contain permissions at both the Organization and the Group levels. Any Organization permissions added to a Group role will be granted to all Organizations in the Group. For example, the pre-defined Group role Group Viewer grants users a selection of view permissions on the Group, and also a selection of Organization-level viewer permissions to grant users who have that role read-only access to all Organizations in the Group.

Organization roles contain only permissions at the Organization level. Organization roles are useful for granting specific permissions for a selection of organizations.

You can use a combination of Organization and Group-level roles to grant specific access across your all roles. For example, if you want a user to have Organization Admin access to a particular Organization, but have read-only access to the rest of the Organizations in the Group, you can grant that user the Group Viewer role at the Group level and the Organization Admin role for the Organization you choose.

Organization-level permissions

This table details the Organization-level permissions that apply to each pre-defined role.

Org Admin
Org Collaborator
Group Admin
Group Viewer
Group Member

View Organization

Edit Organization

Remove Organization

View Organization Reports

View Project

Add Project

Edit Project

Project Status

Test Project

Move Project

Remove Project

View Project History

Edit Project Integrations

Edit Project Attributes

View Jira Issues

Create Jira Issues

Edit Project Tags

View Project Ignores

Create Project Ignores

Edit Project Ignores

Remove Project Ignores

Create Pull Requests

Mark Pull Request checks as successful

View Collections

Create Collections

Edit Collections

Delete Collections

View Service Accounts

Create Service Accounts

Edit Service Accounts

Remove Service Accounts

View Users

Invite Users

Manage Users

Add Users

Provision Users

User Leave

User Remove

View Integrations

Edit Integrations

Test Packages

View Billing

Edit Billing

View Entitlements

View Preview Features

Edit Preview Features

View Audit Logs

View Outbound Webhooks

Create Outbound Webhooks

Remove Outbound Webhooks

View Apps

Install Apps

Create Apps

Edit Apps

Delete Apps

View Environments

Create Environments

Delete Environments

Update Environments

View Scans

Create Scans

View Resources

View Artifacts

Create Artifacts

View Custom Rules

Create Custom Rules

Edit Custom Rules

Delete Custom Rules

View Container Image

Publish Kubernetes Resources

Snyk Learn Management

Group-level permissions

This table details the Group-level permissions that apply to each pre-defined role.

Org Admin
Org Collaborator
Group Admin
Group Viewer
Group Member

View groups

Edit group details

View group settings

Edit settings

View group notification settings

Edit group notification settings

View orgs

Add orgs

Remove orgs

Read roles

Create roles

Edit roles

Remove roles

View users

Add users to the group

Edit users in the group

Remove users

Delete users

Provision users

Assign and unassign roles

View service accounts

Create service accounts

Edit service accounts

Remove service accounts

View audit logs

View policies

Create policies

Edit policies

Delete policies

View reports

View tags

View IaC settings

Edit IaC settings

View feature flags

Edit feature flags

View request access settings

Edit request access settings

View SSO settings

Edit SSO settings

View Apps

Install Apps

Edit Apps

View AppRisk

Edit AppRisk

Access Insights

Tenant-level permissions

Tenant permissions are set and managed on the Tenant Members page. The available Tenant roles are: Tenant Admin, Tenant Viewer, and Tenant Member. For more information, see Manage users in a Tenant.

This table details the Tenant-level permissions that apply to each pre-defined role:

Tenant Admin
Tenant Viewer
Tenant Member

View Tenant

Edit Tenant

List Group

View Membership

Edit Membership

Edit Owner

Create SSO

Edit SSO

View SSO

Delete SSO

View User

View Report

View Billing

Last updated

Was this helpful?