Roles & Permissions
SecureHive uses role-based access control (RBAC) to ensure team members see only what they need. Roles can be assigned manually or synced automatically via SCIM group mapping.
Built-in Roles
| Role | Access Level |
|---|---|
| Owner | Full access to all features, settings, billing, and user management |
| Admin | Full feature access, user management, no billing access |
| Security Manager | All operational planes, no settings or user management |
| Auditor | Read-only access to risk, compliance, and audit modules |
| Analyst | Risk register, vulnerability management, and reporting |
| Viewer | Read-only dashboards and reports |
Custom Roles
Create custom roles under Settings → Roles & Permissions to match your organization’s structure. Custom roles allow granular control over:
- Plane access — Which operational planes a role can see
- Module permissions — Read, write, delete, and approve within each module
- Data scope — Filter visibility by business unit, region, or team
- Export controls — Whether a role can export data or generate reports
SCIM Group Mapping
When SCIM is configured, map your IdP groups to SecureHive roles:
| Azure AD Group | SecureHive Role |
|---|---|
| SH-Admins | Admin |
| SH-Security-Team | Security Manager |
| SH-Auditors | Auditor |
| SH-Leadership | Viewer |

Group mappings are configured under Settings → Identity & Access → Group Mapping.
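
The following is an added example, not SecureHive code: a review script that checks an IdP group membership export against the mapping above and flags users who land in privileged roles, in several mapped groups, or in none. The membership data is constructed, and the role ranking is an assumption taken from the order of the built-in roles table, since this page does not state how SecureHive resolves a user who belongs to more than one mapped group.

```python
# Added example: review IdP group memberships against the group mapping.
# Mapping copied from the page; membership data below is constructed.
GROUP_TO_ROLE = {
    "SH-Admins": "Admin",
    "SH-Security-Team": "Security Manager",
    "SH-Auditors": "Auditor",
    "SH-Leadership": "Viewer",
}

# Assumption: order of the built-in roles table, most to least privileged.
ROLE_RANK = ["Owner", "Admin", "Security Manager", "Auditor", "Analyst", "Viewer"]
PRIVILEGED = {"Owner", "Admin"}   # roles with user management per the table
READ_ONLY = {"Auditor", "Viewer"}  # roles described as read-only in the table

# Constructed sample: user -> IdP groups (e.g. from an IdP membership export).
SAMPLE_MEMBERSHIPS = {
    "alice@example.com": ["SH-Admins", "SH-Leadership"],
    "bob@example.com": ["SH-Auditors"],
    "carol@example.com": ["SH-Auditors", "SH-Security-Team"],
    "dave@example.com": ["Finance-All"],
}


def review_mappings(memberships, group_to_role=GROUP_TO_ROLE):
    """Return per-user findings: mapped roles, highest role, and review flags."""
    findings = {}
    for user, groups in sorted(memberships.items()):
        roles = sorted({group_to_role[g] for g in groups if g in group_to_role},
                       key=ROLE_RANK.index)
        flags = []
        if not roles:
            flags.append("no-mapped-group")          # no role assigned via SCIM
        if len(roles) > 1:
            flags.append("multiple-roles")           # outcome depends on precedence
        if PRIVILEGED & set(roles):
            flags.append("privileged")               # can manage users
        if "Auditor" in roles and set(roles) - READ_ONLY:
            flags.append("auditor-with-write-role")  # read-only role plus a write role
        findings[user] = {"roles": roles,
                          "highest": roles[0] if roles else None,
                          "flags": flags}
    return findings


if __name__ == "__main__":
    for user, f in review_mappings(SAMPLE_MEMBERSHIPS).items():
        print(f"{user:20} {f['highest'] or '-':17} {', '.join(f['flags']) or 'ok'}")
```
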