Users and Teams

Role Based Access Control


Gremlin provides role based access control functionality that grants specific permissions to a role and then a role, or many roles, to each user. Any action taken in the Gremlin UI or API requires a role that grants a user permission for that action. Permissions cannot be assigned independently of roles.

Roles

Roles are split into two categories, company and team roles.

Team roles grant permissions to a user, specifically for work within that team. The team roles control which actions the user can take on behalf of the team, like starting an attack on that team's clients, or revoking that team's API key.

Permissions for work outside of a team are granted using company level roles. Company level roles control actions a user can take on behalf of the company, like changing single sign on settings, creating a new team, or removing a user from the company.

To view or edit users and roles, go to your company settings

Company Roles

The following table describes the permissions that are available for each company role.

OwnerAdminManagerCoordinator*User
Authentication Management
SSOβœ”οΈβœ”οΈ
MFAβœ”οΈβœ”οΈ
Personal Account Management
Enable MFAβœ”οΈβœ”οΈβœ”οΈβœ”οΈβœ”οΈ
Reset Passwordβœ”οΈβœ”οΈβœ”οΈβœ”οΈβœ”οΈ
User Management
Invite users to companyβœ”οΈβœ”οΈβœ”οΈ
Update user rolesβœ”οΈβœ”οΈβœ”οΈ
Add/remove users from teamsβœ”οΈβœ”οΈβœ”οΈ
Revoke users from companyβœ”οΈβœ”οΈ
Reactivate revoked userβœ”οΈβœ”οΈ
Assign Company Owner roleβœ”οΈ
Assign/remove Company/Team Manager rolesβœ”οΈβœ”οΈ
Team Management
Create/delete teamsβœ”οΈβœ”οΈβœ”οΈ
List teamsβœ”οΈβœ”οΈβœ”οΈβœ”οΈβœ”οΈ
Reset team secretsβœ”οΈβœ”οΈ
Certificate Managementβœ”οΈβœ”οΈ
Client Management
Reactivate any clientβœ”οΈ
Access Logs
View user, team, company security logsβœ”οΈβœ”οΈ
Integration Management
Configure external integrations with Gremlinβœ”οΈβœ”οΈ
Scenario Management
Share or unshare Scenariosβœ”οΈβœ”οΈ

Team Roles

The following table describes the permissions that are available for each team role.

Team ManagerTeam Credential Manager*Team User
Attacks
Create, start, halt, scheduleβœ”οΈβœ”οΈ
User Management
Invite new users to the companyβœ”οΈ
Invite/remove users to their teamβœ”οΈ
Client Management
Deactivate team clientsβœ”οΈβœ”οΈ
Reactivate team clientsβœ”οΈ
API Key Management
Create, view, revoke API keyβœ”οΈβœ”οΈ
Reactivate revoked API keyβœ”οΈ
Secrets/Certificates Management
Rollover, delete, create team certificateβœ”οΈβœ”οΈ
Reset team secretβœ”οΈβœ”οΈ
Notifications
Scheduled Status Checksβœ”οΈ
Scenario Management
Share or unshare Scenariosβœ”οΈ

Free vs. Enterprise Users

All Company and Team roles are available to Enterprise customers. Free users can only be assigned either Company Owner or User roles.

FAQs

Is a user required to have both team and company roles?


No. All roles are granted independently of each other.

Do I have to have a team role to run attacks?


Yes. To run attacks for a team, you need user permissions or higher for that team.