Overview
Zenable uses Role-Based Access Control (RBAC) to manage who can do what within your organization. The system follows these principles:
- Permissions are atomic actions (e.g., “edit requirements”)
- Roles bundle permissions together (e.g., “Admin” has many permissions)
- Users are assigned roles directly or via identity provider groups
System Roles
Zenable provides six predefined roles that cover common access patterns:
| Role | Description | Key Capabilities |
|---|---|---|
| Viewer | Read-only access | View requirements, users, integrations, settings |
| Contributor | Create and edit content | All Viewer permissions + write/export requirements |
| Admin | Full admin access (billing read-only) | All Contributor + manage users, roles, integrations, audit logs |
| Owner | Complete access | All Admin + billing management |
| Billing Administrator | Financial access | View everything + manage billing and invoices |
| Security Auditor | Audit + governance access | View/export audit logs, view requirements, guardrails, and governance |
Custom roles are available on Enterprise plans. Contact us to learn more.
RBAC Audit Logging
RBAC Audit logging is available on Professional and Enterprise plans only. Log exporting requires an Enterprise plan.
All role and permission assignments and revocations are logged for compliance, including any provided reason.
Audit logs cannot be deleted by users regardless of role.
Access audit logs via the Audit section in the management console or through the audit:read permission.
Role Permission Matrix
| Permission | Viewer | Contributor | Admin | Owner | Billing Admin | Security Auditor |
|---|---|---|---|---|---|---|
| requirements:read | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| requirements:write | | ✓ | ✓ | ✓ | | |
| requirements:delete | | | ✓ | ✓ | | |
| requirements:export | | ✓ | ✓ | ✓ | | |
| context:read | ✓ | ✓ | ✓ | ✓ | ✓ | |
| context:write | | ✓ | ✓ | ✓ | | |
| scopes:read | ✓ | ✓ | ✓ | ✓ | ✓ | |
| scopes:write | | ✓ | ✓ | ✓ | | |
| guardrails:read | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| guardrails:write | | ✓ | ✓ | ✓ | | |
| findings:read | ✓ | ✓ | ✓ | ✓ | | |
| findings:manage | | ✓ | ✓ | ✓ | | |
| users:read | ✓ | ✓ | ✓ | ✓ | ✓ | |
| users:invite | | | ✓ | ✓ | | |
| users:remove | | | ✓ | ✓ | | |
| users:manage_roles | | | ✓ | ✓ | | |
| billing:read | ✓ | ✓ | ✓ | ✓ | ✓ | |
| billing:manage | | | | ✓ | ✓ | |
| billing:view_invoices | | | | ✓ | ✓ | |
| audit:read | | | ✓ | ✓ | | ✓ |
| audit:export | | | ✓ | ✓ | | ✓ |
| governance:read | ✓ | ✓ | ✓ | ✓ | | ✓ |
| governance:manage | | | ✓ | ✓ | | |
| governance:delete | | | ✓ | ✓ | | |
| integrations:read | ✓ | ✓ | ✓ | ✓ | ✓ | |
| integrations:manage | | | ✓ | ✓ | | |
| settings:read | ✓ | ✓ | ✓ | ✓ | ✓ | |
| settings:manage | | | ✓ | ✓ | | |
| feature_flags:read | | | ✓ | ✓ | | |
| feature_flags:manage | | | ✓ | ✓ | | |
| marketplace:publish | | | | | | |
| requirements:approve | | ✓ | ✓ | ✓ | | |
| guardrails:approve | | ✓ | ✓ | ✓ | | |
| approvals:read | ✓ | ✓ | ✓ | ✓ | | |
| approvals:feedback | | ✓ | ✓ | ✓ | | |
| approvals:manage | | | ✓ | ✓ | | |
| company:manage | | | | ✓ | | |
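The following is an added illustration, not Zenable's own code: it encodes a subset of the matrix above (constructed from the page, not a complete copy) and models the three principles in the Overview plus the audit-logging rule, namely that a user's effective permissions are the union of roles assigned directly or inherited from identity-provider groups, that only a holder of `users:manage_roles` may change assignments, and that every assignment is written to an append-only log with its reason. Names such as `Tenant`, `bootstrap_owner` and the "system" actor are assumptions for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
# Subset of the Role Permission Matrix above (constructed from the page, not a complete copy).
ROLE_PERMISSIONS = {
    "Viewer": {"requirements:read", "findings:read", "users:read", "billing:read"},
    "Contributor": {"requirements:read", "requirements:write", "requirements:export",
                    "findings:read", "findings:manage", "users:read", "billing:read"},
    "Admin": {"requirements:read", "requirements:write", "requirements:delete",
              "requirements:export", "findings:read", "findings:manage", "users:read",
              "users:invite", "users:remove", "users:manage_roles", "billing:read",
              "audit:read", "audit:export"},
    "Billing Administrator": {"requirements:read", "users:read", "billing:read",
                              "billing:manage", "billing:view_invoices"},
    "Security Auditor": {"requirements:read", "guardrails:read", "audit:read",
                         "audit:export", "governance:read"},
}
ROLE_PERMISSIONS["Owner"] = ROLE_PERMISSIONS["Admin"] | {
    "billing:manage", "billing:view_invoices", "company:manage"}

@dataclass
class Tenant:
    direct_roles: dict = field(default_factory=dict)  # user -> roles assigned directly
    group_roles: dict = field(default_factory=dict)   # identity-provider group -> roles
    memberships: dict = field(default_factory=dict)   # user -> identity-provider groups
    audit_log: list = field(default_factory=list)     # append-only: no delete method exists
    def _record(self, actor, action, user, role, reason):
        self.audit_log.append({"ts": datetime.now(timezone.utc).isoformat(), "actor": actor,
                               "action": action, "user": user, "role": role, "reason": reason})
    def bootstrap_owner(self, user):
        # First Owner of a tenant, recorded with "system" as actor (hypothetical convention).
        self.direct_roles.setdefault(user, set()).add("Owner")
        self._record("system", "assign", user, "Owner", "tenant bootstrap")
    def assign_role(self, actor, user, role, reason):
        # Only holders of users:manage_roles (Admin, Owner in the matrix) may change assignments.
        if not self.has_permission(actor, "users:manage_roles"):
            raise PermissionError(f"{actor} lacks users:manage_roles")
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        self.direct_roles.setdefault(user, set()).add(role)
        self._record(actor, "assign", user, role, reason)
    def effective_roles(self, user):
        # Union of directly assigned roles and roles inherited from IdP group membership.
        roles = set(self.direct_roles.get(user, ()))
        for group in self.memberships.get(user, ()):
            roles |= self.group_roles.get(group, set())
        return roles
    def has_permission(self, user, permission):
        # Permissions are atomic; a user holds the union of all their roles' permissions.
        return any(permission in ROLE_PERMISSIONS[r] for r in self.effective_roles(user))
```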
Permissions by Category
Requirements
| Permission | Description |
|---|---|
| requirements:read | View and search requirements |
| requirements:write | Create and edit requirements |
| requirements:delete | Permanently delete requirements and associated guardrails |
| requirements:export | Export requirements to external formats |
Deleting a requirement is permanent and also deletes all guardrails associated with that requirement. This action cannot be undone.
Context
| Permission | Description |
|---|---|
| context:read | View reviewer contexts at customer and tenant levels |
| context:write | Create, edit, and delete reviewer contexts |
Scopes
| Permission | Description | Minimum Tier |
|---|---|---|
| scopes:read | View scope definitions | Professional |
| scopes:write | Create, edit, and delete scope definitions | Professional |
Guardrails
| Permission | Description | Minimum Tier |
|---|---|---|
| guardrails:read | View guardrails | Professional |
| guardrails:write | Create, edit, and delete guardrails | Professional |
Findings
| Permission | Description | Minimum Tier |
|---|---|---|
| findings:read | View code review findings and resolutions | Professional |
| findings:manage | Create, update, and resolve findings | Professional |
Users
| Permission | Description |
|---|---|
| users:read | View team members |
| users:invite | Invite new users |
| users:remove | Remove users from the tenant |
| users:manage_roles | Assign and revoke roles |
Billing
| Permission | Description |
|---|---|
| billing:read | View billing information |
| billing:manage | Modify the subscription |
| billing:view_invoices | Download invoices |
Audit
| Permission | Description | Minimum Tier |
|---|---|---|
| audit:read | View audit logs | Professional |
| audit:export | Export audit logs | Enterprise |
Governance
| Permission | Description | Minimum Tier |
|---|---|---|
| governance:read | View governance domains and evidence | Professional |
| governance:manage | Create and edit governance domains and map requirements to them | Professional |
| governance:delete | Delete governance domains from the tenant taxonomy | Professional |
Deleting a governance domain is permanent. Requirements mapped to the domain must be reassigned or explicitly unmapped as part of the deletion flow.
Integrations
| Permission | Description |
|---|---|
| integrations:read | View configured integrations |
| integrations:manage | Add, remove, and configure integrations |
Settings
| Permission | Description |
|---|---|
| settings:read | View tenant settings |
| settings:manage | Modify tenant configuration |
Feature Flags
| Permission | Description |
|---|---|
| feature_flags:read | View feature flags |
| feature_flags:manage | Enable or disable feature flags |
Marketplace
| Permission | Description | Minimum Tier |
|---|---|---|
| marketplace:publish | Publish new versions of marketplace requirements | Enterprise |
Approvals
| Permission | Description | Minimum Tier |
|---|---|---|
| requirements:approve | Cast a binding approve/reject decision on requirement proposals | Professional |
| guardrails:approve | Cast a binding approve/reject decision on guardrail regeneration requests | Professional |
| approvals:read | View approval flows, pending requests, and the full feedback thread (everything is transparent; there is no per-record hiding) | Professional |
| approvals:feedback | Submit non-binding feedback (vote up/down, add commentary) on an approval request | Professional |
| approvals:manage | Create, edit, and archive approval flow definitions | Professional |
Learn more about approval workflows.
Company
| Permission | Description |
|---|---|
| company:manage | Manage company-wide settings that apply across every tenant (Owner only) |