# Setting Roles and Permissions

## Roles and Permissions Logic <a href="#roles-and-permissions-logic" id="roles-and-permissions-logic"></a>

Aikido offers three distinct user roles (**admins**, **default** and **team-only** users) to manage access and permissions effectively. Default and team-only users can have **standard editing rights** or can be **read-only**.

| Role                | Access Level                                                 |
| ------------------- | ------------------------------------------------------------ |
| **Admins**          | Full access                                                  |
| **Default Users**   | <p>Global / All Teams</p><p>Standard rights or read-only</p> |
| **Team-Only Users** | <p>Team-specific</p><p>Standard rights or read-only</p>      |

### Default Users vs Team-Only Users <a href="#default-users-vs-team-only-users" id="default-users-vs-team-only-users"></a>

The main difference between the two is that team-only users can access only the issues of the teams they belong to. They can still manage those issues for the most part.

| Permission                                                                           | Default Users | Team-Only Users                                       |
| ------------------------------------------------------------------------------------ | ------------- | ----------------------------------------------------- |
| <p><strong>Issue Actions</strong></p><p>Snooze, ignore, severity change, autofix</p> | ✅             | ✅                                                     |
| **Create Tasks**                                                                     | ✅             | ✅                                                     |
| **Add Repos**                                                                        | ✅             | ❌                                                     |
| **Add Container Registries**                                                         | ✅             | ❌                                                     |
| **Add Domains**                                                                      | ✅             | Connected to repos only. No standalone.               |
| **Export Issues**                                                                    | ✅             | ❌                                                     |
| **Pentests**                                                                         | ✅             | ❌                                                     |
| **Code Quality**                                                                     | ✅             | ❌                                                     |
| **Zen Firewall**                                                                     | ✅             | ❌                                                     |
| **Access to Settings**                                                               | All settings  | General Settings **Only**                             |
| **Access to Reports**                                                                | All Reports   | Trends Over Time, Licenses & SBOM and Malware Monitor |

### Advanced Rights for Users with Standard Rights <a href="#advanced-rights-for-users-with-standard-rights" id="advanced-rights-for-users-with-standard-rights"></a>

Aikido has an extra layer of permissions that can be enabled or disabled (both for default and team-only users). This is helpful in case you still want users to be able to execute certain actions. **Read-only rights block all possible actions.**

**Configurable for Default and Team-Only**

* **Snooze/Ignore Issues**: Ability to temporarily or permanently dismiss issues.
* **Change Issue Severity**: Ability to modify the severity level of issues.
* **Can export data:** Ability to export CSV reports of vulnerability issues.

**Limited to Default Users**

* **Manage Teams**: Ability to manage team settings and membership.
* **Manage Repositories:** Ability to change branch, set multi-branch scanning and manage custom SAST rules.
* **Manage Clouds:** Ability to add and configure clouds.
* **Manage Containers:** Ability to add and configure containers.
* **Manage Domains:** Ability to add and configure domains.
* **Manage Pentests:** Ability to run and configure pentests.
* **Manage Code Quality Rules:** Ability to add and configure Code Quality Rules and manage code context.

## How to change roles and permissions <a href="#how-to-change-roles-and-permissions" id="how-to-change-roles-and-permissions"></a>

**Step 1.** Go to the user overview in your settings

**Step 2.** Click the triple dots to open up the role and permissions modal for a specific user

<div data-with-frame="true"><img src="/files/xAIrtytTcFhfJO0Yrkxc" alt="" width="563"></div>

**Step 3.** Set the preferred user role and permissions

<div data-full-width="false" data-with-frame="true"><figure><img src="/files/w4SKjPgaZSfC88JM0W9b" alt=""><figcaption></figcaption></figure></div>


