Groups & Roles
Permissions are granted through groups, not directly on users. Built-in groups include Admin (full access) and Read only (read-only resource keys).
Manage groups
Section titled “Manage groups”- Go to Settings → Groups (
/settings/groups). - Create a group or edit permissions JSON / checkboxes in the UI catalog.
- Add members on the group detail page (
settings.groups.members).
Permission families
Section titled “Permission families”| Family | Examples |
|---|---|
module.* | Show navigation module (assets, incidents, vpn, …) |
assets.read / .create / .update / .delete | CMDB CRUD |
incidents.*, changes.*, … | Per-module CRUD |
settings.* | License, users, API keys, audit, retention |
security.tool.* | Investigation tools (ping, nmap, ssh, …) |
Wildcard * grants everything (Admin built-in).
Read-only built-in
Section titled “Read-only built-in”The Read only group receives .read on most resources but excludes maintenance, VPN, and backup modules by default.
Full catalog
Section titled “Full catalog”See Permissions Reference for the full list of keys.