Roles & permissions — QorTrace Docs

·<3H$\HR%N$SQ&B█J13S▒$6Y$8Q%#6YR77F>69CS$*█C%9B1DY&#T5UY5WMD·0K?%7JUD6?4▒░QCPX40N9AU%1U0·8R%D9/F0CK&6AJY*7R3·5C2NWW/4&F0JQQA$6M█A%&U8▒PYXU95PWXNB\@··VU22·YXQ▒/UEG▓Q7$Q▒Q5H1W46RH*8█>/17P5MY▒█Z582MU&Z*8/0P9R$4GX*R2T▒90#·5FCPW8<E░▒0NEU░43@80▓%Q6$M▒7WN4▓7█WE?B<A81H$█&HB?KN>9SW<B<&5G62JQK?R6WCX#6CFJBMJG?WC<#N%AH&GB6%NP#6M3J·<3H$\HR%N$SQ&B█J13S▒$6Y$8Q%#6YR77F>69CS$*█C%9B1DY&#T5UY5WMD·0K?%7JUD6?4▒░QCPX40N9AU%1U0·8R%D9/F0CK&6AJY*7R3·5C2NWW/4&F0JQQA$6M█A%&U8▒PYXU95PWXNB\@··VU22·YXQ▒/UEG▓Q7$Q▒Q5H1W46RH*8█>/17P5MY▒█Z582MU&Z*8/0P9R$4GX*R2T▒90#·5FCPW8<E░▒0NEU░43@80▓%Q6$M▒7WN4▓7█WE?B<A81H$█&HB?KN>9SW<B<&5G62JQK?R6WCX#6CFJBMJG?WC<#N%AH&GB6%NP#6M3J

1111100100111000101111001111000100111110111100010000000011011010011001010010101110101100100000011011010111000110001111101101011000010000010010111010011011101101111111001100110111100000101000001111101111100001010011111100010100000001100101110011100001000100101010001100110011100100101100110010000111101001011000001001100011111001001110001011110011110001001111101111000100000000110110100110010100101011101011001000000110110101110001100011111011010110000100000100101110100110111011011111110011001101111000001010000011111011111000010100111111000101000000011001011100111000010001001010100011001100111001001011001100100001111010010110000010011000

What every role can and can't do — full RBAC matrix.

QorTrace uses an orthogonal RBAC model: every account user has a system role (drives raw permissions) and an optional team role (drives UX gating). Most customers only ever interact with the team role.

Team roles (what you'll see in the UI)

Role	Sees	Best for
Owner	Everything	The person paying the invoice
Security	Audits, scans, Atlas, monitoring, alerts, settings	CISO / appsec lead
Sales	Customer pipeline, consultations, leads, revenue, reports	Sales ops
Marketing	Customers, newsletter, drip campaigns, leads	Growth marketer
Execs	Revenue, customers, reports (read-only)	Founders, board observers
Wiki Editor	Wiki / Docs admin authoring	Tech writer, DevRel

What each role can DO (CRUD)

	Audits	Scans	Atlas	Billing	Team	Settings	Wiki
Owner	RW	RW	RW	RW	RW	RW	RW
Security	RW	RW	RW	R	R	RW	R
Sales	R	R	—	R	R	—	R
Marketing	—	—	—	R	R	—	RW
Execs	R	R	R	R	R	—	R
Wiki Editor	—	—	—	—	—	—	RW

R = read, W = write, — = no access. Wiki Editor is non-orthogonal — it adds wiki write permissions to whatever team role someone has.

Special protections

The Owner role can only be held by one person at a time. Transfer ownership in Account → Team → Transfer ownership (the new Owner must accept).
You cannot delete the Owner. To remove them, transfer ownership first.
Billing actions (cancel, change plan, update card) are Owner-only by default — Enterprise can grant specific members billing:write.

Audit-log scope

All actions are logged. Who can see the log?

Owner / Security: full audit log
Execs: high-level events (audits delivered, alerts fired) — no auth events
Sales / Marketing: their own actions only
Wiki Editor: wiki actions only

Export from Account → Settings → Audit log → Export (Pro+).

Custom roles (Enterprise)

Need a custom role? Enterprise tier lets you define your own:

Custom permission set
Custom sidebar visibility
Custom default-route mapping
Tied to a SAML group via SSO

Talk to your CSM or email enterprise@qortrace.com.