Roles & Permissions
Control who can do what in your TrueConfig organization with role-based access control.
Role-Based Access Control
TrueConfig uses five predefined roles to control access. Each user in your organization is assigned exactly one role. Roles determine what features a user can see and what actions they can perform.
Available Roles
Owner
Full access to all features including ownership transfer and billing management.
Best for: Organization creator or primary administrator
Admin
Full access except billing management and ownership transfer.
Best for: IT managers, team leads, secondary administrators
Security Admin
Security operations access. Can manage tenants, baselines, and remediation but not users or billing.
Best for: SecOps engineers, SOC analysts, security specialists
Member
View-only access to findings plus ability to run scans.
Best for: Read-only team members, auditors, stakeholders
Billing Admin
Billing and subscription management only. No access to security data.
Best for: Finance team, procurement, accounts payable
Permission Matrix
Detailed breakdown of what each role can access:
Security Operations
| Permission | Owner | Admin | Sec Admin | Member | Billing |
|---|---|---|---|---|---|
| View findings & dashboard | |||||
| Acknowledge drift events | |||||
| Resolve drift / rollback | |||||
| Run manual scans |
Configuration
| Permission | Owner | Admin | Sec Admin | Member | Billing |
|---|---|---|---|---|---|
| Manage tenant connections | |||||
| Manage security baselines | |||||
| Configure remediation rules |
Organization
| Permission | Owner | Admin | Sec Admin | Member | Billing |
|---|---|---|---|---|---|
| Invite & manage team members | |||||
| Organization settings | |||||
| Transfer ownership |
Billing & Audit
| Permission | Owner | Admin | Sec Admin | Member | Billing |
|---|---|---|---|---|---|
| View billing & invoices | |||||
| Manage subscription | |||||
| View audit logs | |||||
| Export data |
Role Hierarchy
Roles in TrueConfig are not strictly hierarchical. Instead, they represent different access patterns:
Administrative Path
Full organizational control, user management, and settings
Security Operations Path
Security-focused access without administrative privileges
Finance Path
Billing-only access, isolated from security data
Managing Roles
Assigning Roles
1. Go to Settings → Members in your TrueConfig dashboard
2. Click the role badge next to any team member
3. Select the new role from the dropdown
Best Practices
Principle of Least Privilege
Assign users the minimum role they need. A security analyst who only needs to view findings should be a Member, not an Admin.
Separate Billing Access
Use the Billing Admin role for finance team members who need to manage subscriptions but shouldn't see security data.
Multiple Owners
Consider having at least two users with Owner access to ensure business continuity if one is unavailable.
Regular Reviews
Periodically review team member roles to ensure they still match job responsibilities, especially after role changes.
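The practices above can be checked mechanically during an access review. The script below is an added example, not TrueConfig code or a TrueConfig export format: the roster tuples, the job-function labels, and the 90-day review threshold are all assumptions, and the role-to-function mapping is taken from the "Best for" lines on this page.

```python
from datetime import date

# The five roles named on this page.
ROLES = {"Owner", "Admin", "Security Admin", "Member", "Billing Admin"}
# Job function -> role from the "Best for" lines (function labels are assumed).
BEST_FIT = {"finance": "Billing Admin", "auditor": "Member",
            "secops": "Security Admin", "it_manager": "Admin"}

def review_roster(roster, today, max_age_days=90):
    """Check (email, role, function, last_reviewed) tuples against the
    best practices; return a list of (subject, finding) tuples.
    max_age_days is an assumed threshold; the page only says "periodically"."""
    findings = []
    for email, role, function, last_reviewed in roster:
        if role not in ROLES:
            findings.append((email, f"unknown role {role!r}"))
            continue
        # Least privilege / separate billing: role should match the job function.
        expected = BEST_FIT.get(function)
        if expected and role != expected:
            findings.append((email, f"{role} held by {function}; expected {expected}"))
        # Regular reviews: flag assignments nobody has looked at recently.
        age = (today - last_reviewed).days
        if age > max_age_days:
            findings.append((email, f"role not reviewed for {age} days"))
    # Multiple owners: a single Owner is a continuity risk.
    owners = sum(1 for _, role, _, _ in roster if role == "Owner")
    if owners < 2:
        findings.append(("organization", f"{owners} Owner(s); at least two recommended"))
    return findings

# Constructed sample data for illustration only.
SAMPLE_TODAY = date(2024, 6, 1)
SAMPLE_ROSTER = [
    ("ana@example.com", "Owner", "founder", date(2024, 5, 1)),
    ("raj@example.com", "Admin", "finance", date(2024, 5, 1)),
    ("li@example.com", "Security Admin", "secops", date(2023, 11, 1)),
    ("sam@example.com", "Member", "auditor", date(2024, 4, 15)),
]

if __name__ == "__main__":
    for subject, finding in review_roster(SAMPLE_ROSTER, SAMPLE_TODAY):
        print(f"{subject}: {finding}")
```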