Role Based Access (RBAC)

The Role Based Access (RBAC) button under "Security" in the Admin Dashboard gives administrators granular control over permissions within PlexTrac, such as actions allowed for a specific user, permissions for customers, access to client data, and report access that restricts viewing sensitive data.

PlexTrac applies roles at two levels: the tenant (instance) and the client. This enables teams to grant users only the privileges required to accomplish tasks for specific clients.

A user’s tenant role governs what portions of the platform they can access, including the modules, tools, and UI elements presented for use. A user’s permissions can be further scoped in the context of individual clients. Users must have a role in the context of each client.

PlexTrac has three default roles: Administrator, Standard User, and Analyst.

RBAC List

The Security: Role Based Access page includes permission settings on the following topics, which themselves may have additional subtopics allowing for further refinement:

  • Administration Permissions

    • Administration Access

    • Account Information

    • Custom Templates

    • Email Settings

    • General Settings

    • Integration Settings

    • Parser Actions

    • License Management

    • Security

    • Style Guides

    • Tags Management

  • Analytics Permissions

    • Analytics Access

  • Assessments Permissions

    • Assessment Questionnaires Management

    • Assessments Access

    • Assessment Reviewers

  • Client Permissions

    • Client Access

    • Client Asset Management

    • Client Management

  • Reports Permissions

    • Report Access

    • Report Artifacts

    • Report Findings

    • Report Procedures

  • Runbooks Permissions

    • Runbooks Access

    • Runbooks Methodologies

    • Runbooks Procedures

    • Runbooks Tactics

    • Runbooks Techniques

    • Runbooks Engagements

    • Runbooks Testplans

  • Customizations

    • Customizations Access

  • Content Library Permissions

    • NarrativesDB

    • WriteupsDB

    • RunbooksDB

  • Priorities Permissions

    • Priorities

Licensed Permissions

An icon within the RBAC list identifies permissions that require a license.

For a tenancy, a license can be in different states:

  1. A valid key: In this scenario, no banner message will appear.

  2. An invalid license key: In this scenario, a banner appears (when adding users or viewing a role within the Admin Dashboard), and the admin needs to contact licensing@plextrac.com.

  3. More licenses needed: This scenario applies to situations where the number of licenses remaining is three or fewer, and the admin should contact licensing@plextrac.com. A banner appears when adding users or viewing a role within the Admin Dashboard.

  4. No license key: This scenario could apply to a new instance, and the admin needs to contact licensing@plextrac.com. No banner message is provided.

Tenant Permissions

Platform-wide permissions include access to specific modules (WriteupsDB, Assessments, etc.), the Account Admin section, platform settings, and user management. These permissions are specific to platform access and assigned in the Role Based Access area of the Admin Dashboard.

Users may be assigned to more than one role, and tenant permissions are additive: adding a user to a less-privileged role does not remove their other roles or restrict the permissions those roles grant.

Within a tenancy, the following business rules apply:

  • Administrator: A tenant administrator can access all tools, modules, and UI elements on the platform (all aspects of the Admin Dashboard).

  • Standard User: A standard user can access all modules and UI elements outside the Admin Dashboard.

  • Analyst: An analyst user cannot access the Content Library or Runbooks modules. Additionally, most UI elements that provide create or edit capabilities are unavailable.

Administrator

Admin user permissions can be viewed by clicking the Administrator box on the Security: Role Based Access page.

An administrator is PlexTrac's highest permission role, and admins have complete control and access over every part of the application.

Standard User

Click the Standard User box on the Security: Role Based Access page to view standard user permissions.

The differences between Standard User and Administrator roles:

  • No access to Administration Access

  • No access to Account information

  • No access to Custom Templates

  • No access to Email Settings

  • No access to General Settings

  • No access to Integration Settings

  • No access to Parser Actions

  • No access to License Management

  • No access to Security

  • No access to Style Guides

  • No access to Tags Management

  • View-only permissions for client users (cannot create or delete client users)

  • View-only permissions on Customizations (cannot create, edit, or remove)

  • Cannot manage repositories in the Content Library

  • View-only ability on Priorities (cannot create, delete, or edit)

  • View-only ability on priority scoring equations (cannot create, delete, or edit)

Analyst User

Analyst user permissions can be viewed by clicking the Analyst box on the Security: Role Based Access page.

Analysts have the same restrictions as Standard Users, plus the following:

  • View only permissions for assessment questionnaires

  • Cannot delete assessments

  • Cannot add or remove reviewers from assessments

  • Cannot create or delete clients

  • Can only view client assets (cannot create, import, delete or edit assets)

  • Cannot manage client users

  • Can only view or export reports

  • Can only update or view report findings

  • Cannot access report procedures

  • Can only view runbook engagements (no access to other sections of runbooks)

  • Cannot access Content Library

Client Permissions

Client-based permissions are specific to using and accessing Clients, Reports, and Findings. These permissions are assigned on a client level, and more information can be found by visiting Add User to Client.

The role assigned to a user at the client level sets the client, reports, and findings permissions for that client.

In the context of a client, the following business rules apply:

  • Administrator: A client administrator can edit any data associated with the client, such as the client record, assets, and reports, and manage access of client users.

  • Standard User: A standard user can edit any data associated with the client, such as the client record, assets and reports.

  • Analyst: An analyst user can view client assets and related data, reports in published status, upload and delete artifacts in reports, and change the remediation status of findings.
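As an added illustration, not PlexTrac's own code, the following Python model encodes the tenant-level rules described under Tenant Permissions (additive roles; Analyst excluded from the Content Library and Runbooks) together with the client-level rules above (a role is required per client; an Analyst views only published reports). The module and action names are assumptions chosen for the example.

```python
from enum import Enum

# Constructed model of the two-level PlexTrac role rules on this page; not PlexTrac's code.
class Role(Enum):
    ADMIN = "Administrator"
    STANDARD = "Standard User"
    ANALYST = "Analyst"

# Tenant level: platform areas each default role may open (area names are assumptions).
TENANT_ACCESS = {
    Role.ADMIN: {"admin_dashboard", "content_library", "runbooks", "reports", "clients"},
    Role.STANDARD: {"content_library", "runbooks", "reports", "clients"},
    Role.ANALYST: {"reports", "clients"},  # no Content Library, no Runbooks
}

# Client level: actions each role may take on one client's data (action names are assumptions).
CLIENT_ACTIONS = {
    Role.ADMIN: {"edit_client", "edit_assets", "edit_report", "view_report",
                 "manage_client_users", "manage_artifacts", "set_remediation_status"},
    Role.STANDARD: {"edit_client", "edit_assets", "edit_report", "view_report",
                    "manage_artifacts", "set_remediation_status"},
    Role.ANALYST: {"view_assets", "view_report", "manage_artifacts",
                   "set_remediation_status"},
}

def tenant_access(tenant_roles):
    """Tenant permissions are additive: the union over every role the user holds,
    so adding a less-privileged role never takes anything away."""
    allowed = set()
    for role in tenant_roles:
        allowed |= TENANT_ACCESS[role]
    return allowed

def can_open_module(tenant_roles, module):
    return module in tenant_access(tenant_roles)

def can_act_on_client(tenant_roles, client_roles, client_id, action, published=True):
    """Both levels must agree: the tenant role must expose the Clients module, and the
    user must hold a role in the context of this particular client. An Analyst may
    view a report only once it is in published status."""
    if not can_open_module(tenant_roles, "clients"):
        return False
    role = client_roles.get(client_id)
    if role is None:
        return False  # no role for this client -> no access to its data
    if role is Role.ANALYST and action == "view_report" and not published:
        return False
    return action in CLIENT_ACTIONS[role]
```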

© 2024 PlexTrac, Inc. All rights reserved.