Organizations, Users and Roles

With the introduction of Role-Based Access Controls, the ThreatSTOP platform adds the ability to grant access to multiple users to an account.

Organization accounts are the containers for the configuration: policies, devices, user-defined lists, reports, SIEM settings. Features available to an organization are managed through its subscriptions. Users are now independent of organizations. A user can have access (via a role) to any number of organizations. Users can be granted multiple roles, and roles can be revoked from a user by an organization's administrators. Roles are sets of permissions that grant access to product features through the ThreatSTOP Admin Portal. If a user has multiple roles within an organization, the permissions are combined (the union of the roles' permissions applies).

Note that the permissions managed through RBAC are independent from the permissions granting access to API services by API tokens.

Predefined and custom roles

  • Every ThreatSTOP organization has 5 predefined roles that can't be changed.
  • The creation of custom roles in an organization requires the organization to have an active subscription that includes the Advanced RBAC feature.

The predefined roles are:

Role                       Description
Owner                      Full administrator (all permissions)
Reporter                   View reports and create, edit or delete email reports
Report Viewer              Read-only access to reports
Report and Policy Manager  Reporter plus edit policies, including list of targets and user-defined lists
Help Desk Manager          Reporter plus edit contents of user-defined lists

Note that multiple users can have the Owner role. However, there must be at least one owner: if only one user holds the Owner role, that role can't be unassigned from that user.

Permissions

If a user is assigned a role within an organization, the permissions to view the list of devices, the list of policies and the list of user-defined lists are implied. All users are also given access to the Portal dashboard.
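The three rules above (permissions of multiple roles are combined, list-view permissions and the dashboard are implied for anyone holding a role, and the last Owner can't be unassigned) are easy to get subtly wrong in an authorization layer. The following is an added example, not ThreatSTOP's own code: a minimal model of these rules. Permission and role names are the ones listed on this page; the mapping of each predefined role to concrete permission names, the "Portal Dashboard" permission name, the RbacError class and all user names are assumptions made for the example.

```python
"""Minimal model of the RBAC rules described on this page (added example, not
ThreatSTOP's code). Permission/role names come from the page; the per-role
permission mapping, "Portal Dashboard" and the user names are assumptions."""

SYSTEM_CONFIGURATION = frozenset({
    "Manage Devices", "Manage Device Configuration", "View Devices",
    "Manage Policies", "Manage Policy Configuration", "View Policies",
    "Manage User-Defined Lists", "View UDLs", "Manage API Keys", "View API Keys",
})
ANALYSIS_FEATURES = frozenset({
    "View Check IOC", "Manage Log Upload", "View Reports", "Manage Reports",
    "Manage SIEM Integration",
})
ACCOUNT_SETTINGS = frozenset({
    "Manage Users", "Manage Roles", "Manage Company Settings", "View Company Settings",
})
ALL_PERMISSIONS = SYSTEM_CONFIGURATION | ANALYSIS_FEATURES | ACCOUNT_SETTINGS

# Implied for anyone holding at least one role: viewing the lists of devices,
# policies and UDLs, plus the dashboard ("Portal Dashboard" is an assumed name).
IMPLIED_PERMISSIONS = frozenset({"View Devices", "View Policies", "View UDLs", "Portal Dashboard"})

# Assumed reading of the descriptions in the predefined-roles table.
PREDEFINED_ROLES = {
    "Owner": ALL_PERMISSIONS,
    "Report Viewer": frozenset({"View Reports"}),
    "Reporter": frozenset({"View Reports", "Manage Reports"}),
    "Report and Policy Manager": frozenset({
        "View Reports", "Manage Reports",
        "Manage Policy Configuration", "Manage User-Defined Lists",
    }),
    "Help Desk Manager": frozenset({"View Reports", "Manage Reports", "Manage User-Defined Lists"}),
}


class RbacError(Exception):
    """Raised when a role or assignment change would violate the rules above."""


class Organization:
    def __init__(self, advanced_rbac: bool = False):
        self.advanced_rbac = advanced_rbac           # subscription includes Advanced RBAC?
        self.roles = dict(PREDEFINED_ROLES)          # role name -> frozenset of permissions
        self.assignments: dict[str, set[str]] = {}   # user -> set of role names

    def define_role(self, name: str, permissions) -> None:
        """Create a custom role: needs the Advanced RBAC subscription and must not
        shadow a predefined role (those can't be changed)."""
        if not self.advanced_rbac:
            raise RbacError("custom roles require the Advanced RBAC subscription")
        if name in PREDEFINED_ROLES:
            raise RbacError(f"predefined role {name!r} can't be changed")
        unknown = set(permissions) - ALL_PERMISSIONS
        if unknown:
            raise RbacError(f"unknown permissions: {sorted(unknown)}")
        self.roles[name] = frozenset(permissions)

    def grant(self, user: str, role: str) -> None:
        if role not in self.roles:
            raise RbacError(f"no such role: {role!r}")
        self.assignments.setdefault(user, set()).add(role)

    def owners(self) -> set[str]:
        return {u for u, roles in self.assignments.items() if "Owner" in roles}

    def revoke(self, user: str, role: str) -> None:
        """Remove a role; refuses to unassign Owner from the last remaining owner."""
        held = self.assignments.get(user, set())
        if role not in held:
            raise RbacError(f"{user!r} does not hold {role!r}")
        if role == "Owner" and self.owners() == {user}:
            raise RbacError("an organization must keep at least one Owner")
        held.discard(role)

    def effective_permissions(self, user: str) -> frozenset:
        """Union of all held roles' permissions, plus the implied ones if any role is held."""
        held = self.assignments.get(user, set())
        if not held:
            return frozenset()
        granted = frozenset().union(*(self.roles[r] for r in held))
        return granted | IMPLIED_PERMISSIONS

    def can(self, user: str, permission: str) -> bool:
        return permission in self.effective_permissions(user)
```

The Owner guard lives in revoke() rather than in the caller so that every code path that removes a role hits the same check; a user with no roles at all gets an empty set, not the implied permissions, which matches the page's "if a user is assigned a role" wording.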

The following permissions can be assigned to a role:

System Configuration

Permission                   Description
Manage Devices               Add, edit and delete device entries
Manage Device Configuration  Edit settings of existing device entries
View Devices                 Read-only access to device configuration settings
Manage Policies              Add, edit and delete policies
Manage Policy Configuration  Edit policy configuration settings
View Policies                Read-only access to policy configuration settings
Manage User-Defined Lists    Add, edit and delete user-defined lists and their contents
View UDLs                    Read-only access to user-defined list configurations
Manage API Keys              Add, edit and delete API keys
View API Keys                View API key tokens and settings

Analysis features

Permission               Description
View Check IOC           Access to the Check IOC feature
Manage Log Upload        User can upload log files for devices
View Reports             Access reporting features
Manage Reports           Create email reports and triggers
Manage SIEM Integration  Configure export to SIEM systems

Account settings

Permission               Description
Manage Users             Assign/unassign roles from users
Manage Roles             Customize roles (requires subscription)
Manage Company Settings  Change organization settings (e.g. company name)
View Company Settings    Read-only view of organization settings

RBAC API Services

There are five API services related to the configuration of the RBAC features.

  • /access_objects is used to retrieve the list of permissions supported by the system.
  • /roles/ is used to create and retrieve roles.
  • /roles/<organization identifier>/permissions is used to retrieve or update the permissions of the selected role.
  • /accounts/ is used to retrieve the list of users that have a role in the organization identified by the API token.
  • /accounts/<user identifier>/roles is used to grant a role to, or remove a role from, the selected user in the organization identified by the API token.