Scytale supports Role-Based Access Control (RBAC)—a powerful feature that allows you to assign specific roles and permissions to users in your workspace. With this, you can manage access with greater precision, ensuring the right people have access to the right areas of the platform.
👥 Roles and What They Can Do
Role | What They Can Access | Best For |
---|---|---|
Admin | Full access to all areas of the platform, including settings and user management. | Workspace owners or IT/security leads who need full control. |
Team Member | Limited permissions across the platform, excluding user management. | Team members handling daily compliance tasks. |
Collaborator | Access only to items where they are assigned as the owner (e.g., policies, monitoring), plus Integrations. | Contributors or part-time team members with specific responsibilities. |
Auditor | Read-only access to audits they’ve been assigned, except for the evidence management section. | Auditors reviewing a specific audit. |
PT Tester | Access only to the Penetration Testing page, limited to what’s needed for the company-specific testing. | Scytale PT Testers. |
🔑 How Role Assignment Works
Only Admins can:
- Invite new users to the workspace
- Assign or change a user’s role at any time
- Remove users when needed
⚠️ Important Note About the Collaborator Role
Collaborators will only have access to items where they are explicitly listed as the owner. For example, if someone is a Collaborator but is not assigned to any policies or monitoring tasks, they won’t see anything in those areas.
Note: Before assigning the Collaborator role, make sure to assign the user to all the relevant items they need access to.