Permissions Reference
Use this reference when configuring Settings → Groups. Permission names match the group permission editor in the UI.
Permissions are stored on groups as JSON maps of key → true. The built-in Admin group effectively has full access (* wildcard).
Module visibility
Section titled “Module visibility”| Key | UI module |
|---|---|
module.dashboard | Dashboard |
module.assets | Assets / CMDB |
module.incidents | Incidents |
module.post_incident_reviews | Post-incident reviews |
module.service_requests | Service requests |
module.problems | Problems |
module.changes | Changes |
module.releases | Releases |
module.vulnerabilities | Vulnerabilities |
module.knowledge | Knowledge |
module.diagrams | Network diagrams |
module.maintenance | Maintenance |
module.vpn | VPN |
module.security | Security |
module.backup | Backup |
module.settings | Settings |
Resource CRUD
Section titled “Resource CRUD”For each resource dashboard, assets, incidents, changes, problems, vulnerabilities, knowledge, diagrams, maintenance, vpn, security, backup, service_requests, post_incident_reviews, releases, vendors:
{resource}.read{resource}.create{resource}.update{resource}.delete
(dashboard only uses dashboard.read.)
Settings
Section titled “Settings”| Key | Purpose |
|---|---|
settings.license.write | License / modules |
settings.groups.read / .write / .members | Groups |
settings.users.read / .users.manage | Users & invites |
settings.api_keys.manage | API keys |
settings.edge_registration_keys.manage | Edge registration keys |
settings.retention.write | Retention policies |
settings.company.write | Company / system settings |
settings.auth.manage | Authentication / Entra |
settings.audit.read | Audit log viewer |
Security tools
Section titled “Security tools”security.tool.ping, security.tool.arp_scan, security.tool.nmap, security.tool.rustscan, security.tool.ssh, security.tool.busybox_shell