Roles and Permissions Enterprise
Trapster Enterprise uses role-based access control (RBAC) to limit what each user can see and do.
Unless noted otherwise, Member, Analyst, and Read-only users only see data in their assigned namespaces. Administrator users see all namespaces.
Built-in roles
| Role | Description |
|---|---|
| Administrator | Full access. Manage users, Trapsters, settings, honeytokens, breadcrumbs, and all integrations |
| Member | Manage Trapsters, incidents, honeytokens, breadcrumbs, and settings within assigned namespaces. Cannot manage users |
| Analyst | Manage incidents (view, acknowledge, delete). View Trapsters, honeytokens, and settings within assigned namespaces but cannot modify configuration |
| Read-only | View only. No create, edit, or delete actions |
Capability matrix
| Capability | Administrator | Member | Analyst | Read-only |
|---|---|---|---|---|
| View data (within assigned namespaces) | Yes | Yes | Yes | Yes |
| Manage incidents | Yes | Yes | Yes | No |
| Manage Trapsters | Yes | Yes | No | No |
| Manage honeytokens | Yes | Yes | No | No |
| Manage breadcrumbs | Yes | Yes | No | No |
| Manage settings & integrations | Yes | Yes | No | No |
| Manage personal access tokens | Yes | Yes | No | No |
| Manage namespaces | Yes | No | No | No |
| Manage users | Yes | No | No | No |
Assigning a role
Assign a role when inviting a user from Settings > Users, or change it later by editing the user.
Personal access tokens
Personal access tokens inherit the permissions of the user who created them. A token created by an Analyst cannot modify Trapsters or settings, even when used programmatically.
See API Authentication for how to create tokens.
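The three rules on this page (the capability matrix, namespace scoping with the Administrator exception, and token inheritance) can be combined into a single access decision. The sketch below is an added example, not Trapster's own code or API. The capability keys, the `User`/`Token` classes and both function names are assumptions made for illustration, and it treats every capability as namespace-scoped for non-administrators.

```python
from dataclasses import dataclass

# Built-in roles ordered from least to most privileged.
ROLES = ["Read-only", "Analyst", "Member", "Administrator"]

# Capability matrix transcribed from this page: capability -> roles holding it.
# The key names are hypothetical labels, not Trapster identifiers.
MATRIX = {
    "view_data": {"Administrator", "Member", "Analyst", "Read-only"},
    "manage_incidents": {"Administrator", "Member", "Analyst"},
    "manage_trapsters": {"Administrator", "Member"},
    "manage_honeytokens": {"Administrator", "Member"},
    "manage_breadcrumbs": {"Administrator", "Member"},
    "manage_settings": {"Administrator", "Member"},
    "manage_tokens": {"Administrator", "Member"},
    "manage_namespaces": {"Administrator"},
    "manage_users": {"Administrator"},
}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    namespaces: frozenset = frozenset()


@dataclass(frozen=True)
class Token:
    owner: User  # a token carries no permissions of its own


def allowed(principal, capability, namespace):
    """Decide whether a user, or a token acting for one, may use a capability."""
    # A personal access token is evaluated exactly as the user who created it.
    user = principal.owner if isinstance(principal, Token) else principal
    if user.role not in MATRIX[capability]:
        return False
    # Administrators see all namespaces; other roles only their assigned ones.
    return user.role == "Administrator" or namespace in user.namespaces


def least_privileged_role(needed):
    """Return the lowest built-in role that holds every needed capability."""
    for role in ROLES:
        if all(role in MATRIX[cap] for cap in needed):
            return role
    raise ValueError("no built-in role covers the requested capabilities")
```

`least_privileged_role` is useful when deciding which role to give an account that will own an automation token: pass the capabilities the automation needs and assign the returned role instead of defaulting to Administrator.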
