Overview
System Admins are responsible for managing user roles within the Mend Platform. This document provides a technical guide for System Admins to control and configure user roles effectively.
Once all relevant users are assigned to a group, you assign a role to that group and the corresponding permissions apply to every user in it; a user in several groups receives the permissions of each of those groups' roles.
Mend Platform Roles and Permissions
| Role | Permissions |
|---|---|
| Admin | Organization Admins have full access to all features and configurations within the organizational scope. This includes user and group management, labels, scan configurations, applications, and projects. They can: Application Admins can also create workflows, but only within their assigned application(s). These workflows are application-scoped and separate from the organization-wide workflows defined by Org Admins. |
| Security Analyst | Security Analysts are responsible for triaging all security findings. They can review scan and findings data and take the required action: resolve an issue or suppress it when justified. |
| Scan Manager | Scan Managers can run security scans with the Mend CLI or through the repository integrations. They can also change the organization structure by adding new applications and projects and making the needed structural changes. |
| Member | Members have view-only access to the Mend Platform. They can review all available data in dashboards and drill down into projects, scans, and security findings. Members cannot access administration or configuration capabilities and cannot change data through actions. |
| Legal Analyst | Allows users and groups to manually override a license or copyright assignment that was applied automatically during analysis. |
| Auditor | Grants read-only access for integrations (service users), automations, or users who need visibility into Mend data without the ability to modify data or change platform settings. |
Understanding Application-Scoped Roles and Default Group Access
By default, the built-in Admin and User groups grant their members access to all applications in the organization. However, this default behavior changes when application-scoped roles are introduced.
How Application-Scoped Roles Affect Default Access
When an application-scoped role is added to the Admin group, the default broad access of every other group, including the default User group, is removed. From that point on, users in those groups have no access to any application unless access is explicitly granted.
What this means in practice:
- Once any application-scoped role exists in the Admin group, users in the User group (and in any other non-admin group) lose access to all applications.
- To restore access, an application-scoped role must be explicitly added to each affected group for every application that group needs to reach. An organization-level role on the group does not restore application access by itself.
- This behavior applies to the default User group and to every custom non-admin group alike, so plan the per-application assignments before adding the first application-scoped role to the Admin group.
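The following Python model is an added example, not Mend code or a Mend API. It encodes the rule described above and can serve as a pre-flight check before the first application-scoped role is added to the Admin group: it reports which groups would lose which applications, and shows that only explicit application-scoped assignments restore access afterwards. Group names, role names and application names are constructed; the assumptions that the built-in group is named `Admin`, that the Admin group itself keeps full access, and that organization-level roles alone do not restore application access follow from the wording of this section and are marked in the code.

```python
"""Model of the documented application-scoped role rule (added example, not Mend code)."""

from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class RoleAssignment:
    role: str
    application: Optional[str] = None  # None means an organization-level assignment


@dataclass
class Group:
    name: str
    roles: list = field(default_factory=list)


ADMIN_GROUP = "Admin"  # name of the built-in Admin group (assumption)


def admin_has_scoped_role(groups: list) -> bool:
    """True once any application-scoped role exists in the Admin group."""
    return any(
        r.application is not None
        for g in groups if g.name == ADMIN_GROUP
        for r in g.roles
    )


def effective_access(groups: list, applications: set) -> dict:
    """Map each group name to the set of applications its members can reach.

    Before a scoped role is added to Admin, every group keeps the default broad
    access. Afterwards, a non-admin group reaches only the applications it has
    an explicit application-scoped assignment for; organization-level roles do
    not count. The Admin group is assumed to keep full access throughout.
    """
    restricted = admin_has_scoped_role(groups)
    access = {}
    for g in groups:
        if g.name == ADMIN_GROUP or not restricted:
            access[g.name] = set(applications)
        else:
            access[g.name] = {
                r.application for r in g.roles
                if r.application is not None and r.application in applications
            }
    return access


def lockout_report(groups: list, applications: set, target: str, new_role: RoleAssignment) -> dict:
    """Simulate adding new_role to the group named target; return, for every
    group whose access would shrink, the applications it would lose."""
    before = effective_access(groups, applications)
    simulated = [
        Group(g.name, list(g.roles) + ([new_role] if g.name == target else []))
        for g in groups
    ]
    after = effective_access(simulated, applications)
    lost = {}
    for name, apps in before.items():
        gone = apps - after.get(name, set())
        if gone:
            lost[name] = gone
    return lost


def demo():
    """Constructed organization: two applications, the two built-in groups and one custom group."""
    apps = {"payments", "web-portal"}
    groups = [
        Group("Admin", [RoleAssignment("Admin")]),          # organization-level Admin
        Group("User", []),                                  # default User group, no roles
        Group("dev-team", [RoleAssignment("Member")]),      # custom group, organization-level Member
    ]
    # Pre-flight: what happens if we scope the Admin role to "payments" in the Admin group?
    report = lockout_report(groups, apps, "Admin", RoleAssignment("Admin", "payments"))
    # Apply it, then restore dev-team's access to web-portal with an explicit scoped role.
    groups[0].roles.append(RoleAssignment("Admin", "payments"))
    groups[2].roles.append(RoleAssignment("Member", "web-portal"))
    return report, effective_access(groups, apps)


if __name__ == "__main__":
    lockout, access = demo()
    print("groups that would lose access:", lockout)
    print("effective access after restore:", access)
```

The report from `demo()` shows both `User` and `dev-team` losing every application the moment the scoped role lands in the Admin group, and that `dev-team` regains only `web-portal`, the one application it was explicitly granted; its organization-level Member role does nothing for application visibility once the restriction is in force.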
Getting it done
Assign a Role to group(s)
- Log into the Mend AI-Native AppSec Platform.
- Click the settings gear in the top right corner of the page.
- Click Administration.
- Click Groups in the Administration menu on the left.
- Click the name of the group you would like to assign roles to.
- Click the Roles tab and then the + Add Role button.
- Select the roles to assign to the selected group. A role can be assigned at the Organization level or for a specific Application. Click the Add button to confirm your selection.
Delete Group Role
- Select the relevant group in the Groups table.
- Click Roles.
- Unselect the role you would like to remove from the group.
- Click the "OK" button in the pop-up message window to delete the Group Role.