Safeguard.sh Documentation Center
Portal

User Roles

Understanding Portal user roles and permissions

Portal User Roles

Portal uses role-based access control to manage what users can do within the SBOM management platform.

Role Overview

Portal has four primary roles:

RoleDescription
AdminFull Portal administration
ManagerManage products, SBOMs, and sharing
ContributorCreate and edit content
ViewerRead-only access

Role Permissions

Admin

Full access to all Portal features:

PermissionAccess
Manage Settings
Manage Users
Manage Products
Manage SBOMs
Share Externally
View Analytics
API Access
Audit Logs

Manager

Manage content and sharing:

PermissionAccess
Manage SettingsLimited
Manage Users
Manage Products
Manage SBOMs
Share Externally
View Analytics
API Access
Audit LogsView Only

Contributor

Create and edit content:

PermissionAccess
Manage Settings
Manage Users
Manage ProductsCreate/Edit Own
Manage SBOMsCreate/Edit Own
Share ExternallyWith Approval
View AnalyticsLimited
API AccessLimited
Audit Logs

Viewer

Read-only access:

PermissionAccess
Manage Settings
Manage Users
Manage ProductsView Only
Manage SBOMsView Only
Share Externally
View Analytics
API AccessRead Only
Audit Logs

Detailed Permission Matrix

Product Permissions

ActionAdminManagerContributorViewer
Create Product
Edit Any Product
Edit Own Product
Delete ProductOwn Only
View Products
Manage VersionsOwn Only

SBOM Permissions

ActionAdminManagerContributorViewer
Upload SBOM
Edit SBOMOwn Only
Delete SBOMOwn Only
View SBOM
Export SBOM
Enrich SBOM

Sharing Permissions

ActionAdminManagerContributorViewer
Share ExternallyApproval
Share Internally
Revoke ShareOwn Only
View SharesOwn Only
Approve Requests

Administration

ActionAdminManagerContributorViewer
Manage Users
Manage SettingsLimited
View Audit Logs
Manage API KeysOwn OnlyOwn Only
Configure Integrations

Assigning Roles

Invite with Role

When inviting users:

  1. Go to SettingsUsers
  2. Click + Invite User
  3. Enter email address
  4. Select role
  5. Click Send Invite

Change Role

Modify existing user's role:

  1. Go to SettingsUsers
  2. Find the user
  3. Click on their role
  4. Select new role
  5. Confirm change

Custom Roles

Creating Custom Roles

For granular control, create custom roles:

  1. Go to SettingsRoles
  2. Click + New Role
  3. Name the role
  4. Select permissions
  5. Save role

Custom Role Permissions

Select from available permissions:

Products

  • products.create
  • products.edit
  • products.delete
  • products.view

SBOMs

  • sboms.upload
  • sboms.edit
  • sboms.delete
  • sboms.view
  • sboms.export

Sharing

  • sharing.external
  • sharing.internal
  • sharing.approve
  • sharing.revoke

Administration

  • admin.users
  • admin.settings
  • admin.audit
  • admin.integrations

External User Roles

Customer Roles

External customers have different roles:

RoleDescription
Customer AdminManage their organization's access
Customer UserAccess shared content

Customer Permissions

ActionCustomer AdminCustomer User
View Shared SBOMs
Download SBOMsPer Share
Request SBOMs
Manage Their Users

Role Best Practices

Assignment Guidelines

ScenarioRecommended Role
Security team leadAdmin
Product ownersManager
DevelopersContributor
AuditorsViewer
Compliance teamManager or Viewer

Principle of Least Privilege

  • Start with lowest needed role
  • Elevate only when necessary
  • Review roles periodically
  • Revoke when no longer needed

Role Reviews

Regular role audits:

  1. Go to SettingsUsers
  2. Review user list
  3. Check last activity dates
  4. Verify roles are appropriate
  5. Remove inactive users

API Access by Role

API Scopes

RoleAPI Scopes
AdminAll scopes
Managerread, write, share
Contributorread, write (own)
Viewerread

Generating API Keys

  1. Go to ProfileAPI Keys
  2. Click + New Key
  3. Key inherits your role permissions
  4. Additional scope restrictions optional

Troubleshooting

"Access Denied" Errors

  • Verify user has correct role
  • Check permission matrix
  • Confirm resource ownership
  • Review custom role settings

Role Not Applying

  • User may need to log out/in
  • Clear browser cache
  • Check for conflicting permissions
  • Verify role assignment saved

Next Steps

Portal Settings

Configure Portal preferences and organization settings

Third Party Risk Manager

Transform vendor risk from blind spot to strategic advantage

On this page

Portal User RolesRole OverviewRole PermissionsAdminManagerContributorViewerDetailed Permission MatrixProduct PermissionsSBOM PermissionsSharing PermissionsAdministrationAssigning RolesInvite with RoleChange RoleCustom RolesCreating Custom RolesCustom Role PermissionsExternal User RolesCustomer RolesCustomer PermissionsRole Best PracticesAssignment GuidelinesPrinciple of Least PrivilegeRole ReviewsAPI Access by RoleAPI ScopesGenerating API KeysTroubleshooting"Access Denied" ErrorsRole Not ApplyingNext Steps