User roles & permissions

Updated this week

Roles on the Intigriti platform define how users interact with your organization, its programs and submissions. Roles are assigned at two levels: company level and program level. Understanding this distinction helps you grant the right access while keeping responsibilities clearly separated.

Company roles

Company roles determine a user’s access at the organization level.

Company Admin

The company admin role provides full visibility and control over the organization. Users with this role are typically responsible for managing the overall setup rather than day-to-day program work.

This role is best suited for users who:

  • Need access to the admin panel

  • Manage users, assets, integrations, or budgets

  • Oversee multiple programs across the organization

In practice, this role is often assigned to CISOs or senior members of the security team. In smaller teams, program managers may also hold this role to avoid fragmented access.

💡 Note: The company admin role is assigned during your onboarding. From that point on, you can start inviting company members and assigning the appropriate roles.

Company Member

Company members do not have access to organization-wide settings. Their access is limited to the programs they are explicitly added to.

This role is ideal for users who:

  • Work on specific programs only

  • Do not need access to company-level configuration

  • Have responsibilities defined at program level

Developers, security engineers, security analysts and wider stakeholders are typically added as company members and granted program-specific roles as needed.

⚠️ Beware: Company members do not have access to any programs by default. To grant access, you need to add them to one or more programs and assign the appropriate program role, or invite them directly from the program.

Program roles

Program roles define what a user can do within a specific program. A company member can have different roles across different programs.

Program Admin

The program admin role is intended for users who are responsible for running and maintaining a program. This role fits users who:

  • Own the program, its setup and evolution

  • Coordinate testing activities and researcher engagement

  • Oversee submissions and rewards

  • Actively review and process submissions

Depending on team size, this role may be assigned to program managers or senior security analysts. In some organizations, these users may also be company admins.

Program Editor

Program editors actively work within a program but do not need full control over all settings. This role works well for users who:

  • Help manage program content and updates

  • Actively review and process submissions

  • Do not need access to all administrative controls

Program editors are commonly security team members who support daily operations.

Program Member

Program members are involved in hands-on work within a program, especially around submissions. This role is suitable for users who:

  • Assist with reviewing and handling submissions

  • Need visibility into program activity

  • Do not manage program configuration

This role is often assigned to junior security team members.

Program Reader

Program readers have read-only access and are primarily focused on visibility rather than action. This role is useful for users who:

  • Need insight into findings and reports

  • Do not participate in program management or submission handling

  • Require access for awareness or collaboration

Engineers supporting remediation and wider stakeholders are commonly added as program readers.

Best practices

  • Assign company admin roles sparingly and only to users who need organization-wide access.

  • Use program roles to tailor access instead of granting broad permissions at company level.

  • Choose roles based on responsibility, not seniority alone.

  • Review roles regularly and adjust access as team responsibilities evolve.

  • Use the program reader role to share visibility without increasing risk.
