Skip to content

Roles and Permissions Enterprise

Trapster Enterprise uses role-based access control (RBAC) to limit what each user can see and do.

Unless noted otherwise, Member, Analyst, and Read-only users only see data in their assigned namespaces. Administrator users see all namespaces.

Built-in roles

RoleDescription
AdministratorFull access. Manage users, Trapsters, settings, honeytokens, breadcrumbs, and all integrations
MemberManage Trapsters, incidents, honeytokens, breadcrumbs, and settings within assigned namespaces. Cannot manage users
AnalystManage incidents (view, acknowledge, delete). View Trapsters, honeytokens, and settings within assigned namespaces but cannot modify configuration
Read-onlyView only. No create, edit, or delete actions

Capability matrix

CapabilityAdministratorMemberAnalystRead-only
View data (within assigned namespaces)YesYesYesYes
Manage incidentsYesYesYesNo
Manage TrapstersYesYesNoNo
Manage honeytokensYesYesNoNo
Manage breadcrumbsYesYesNoNo
Manage settings & integrationsYesYesNoNo
Manage personal access tokensYesYesNoNo
Manage namespacesYesNoNoNo
Manage usersYesNoNoNo

Assigning a role

Assign a role when inviting a user from Settings > Users, or change it later by editing the user.

Personal access tokens

Personal access tokens inherit the permissions of the user who created them. A token created by an Analyst cannot modify Trapsters or settings, even when used programmatically.

See API Authentication for how to create tokens.