auditor-role-template.md

Auditor role template

This is a Group-level read-only role, meaning an Auditor can only view certain areas and functions in Snyk and cannot create PRs, Projects, and more.

This role can view issues, results of scans, and reports. An Auditor often verifies that there is a scan snapshot for a particular resource or Snyk Project. The Auditor may be external to the company.

Group-level permissions

To create this role, enable the following permissions in the relevant categories:

Group Management

Permission	Enabled?
View Groups	true
Edit Group details	false
View Group settings	false
Edit settings	false
View Group notification settings	false
Edit Group notification settings	false

Organization management

Permission	Enabled?
View Organizations	true
Edit Organizations	false
Remove Organizations	false

AppRisk management

Permission	Enabled?
View AppRisk	true
Edit AppRisk	false

Audit Log management

Permission	Enabled?
View Audit Logs	true

Insights management

Permission	Enabled?
Access Insights	true

Reports management

Permission	Enabled?
View reports	true

Security and License Policies

Permission	Enabled?
View Policies	true
Create Policies	false
Edit Policies	false
Delete Policies	false

User management

Permission	Enabled?
View users	true
Invite users	false
Manage users	false
Add users	false
Provision users	false
User Leave	false
User Remove	false

The remaining categories of permissions listed below should have all permissions within them set to disabled:

• IaC settings management
• Issue management
• Request access management
• Role management
• Service account management
• Snyk Apps management
• Snyk Preview management
• SSO settings management
• Tags management

Organization-level permissions

To create this role, enable the following permissions in the relevant categories:

Organization management

Permission	Enabled?
View Organization	true
Edit Organization	false
Remove Organization	false

Audit Log management

Permission	Enabled?
View audit logs	true

Collection management

Permission	Enabled?
View Collections	true
Create Collection	false
Edit Collections	false
Delete Collections	false

Container Image management

Permission	Enabled?
View container image	true
Create container image	false
Edit container image	false

Integration management

Permission	Enabled?
View integrations	true
Edit integrations	false

Project management

Permission	Enabled?
View Project	true
Add Project	false
Edit Project	false
Edit Project status	false
Test Project	false
Move Project	false
Remove Project	false
View Project history	true
Edit Project integrations	false
Edit Project attributes	false
View Jira issues	true
Create Jira issues	false
Edit Project Tags	false

Project Ignore management

Permission	Enabled?
View Project Ignores	true
Create Project Ignores	false
Edit Project Ignores	false
Remove Project Ignores	false

Reports management

Permission	Enabled?
View Organization reports	true

Snyk Cloud management

Permission	Enabled?
View environments	false
Create environments	false
Delete environments	false
Update environments	false
View scans	true
Create scans	false
View resources	true
View artifacts	true
Create artifacts	false
View Custom Rules	false
Create Custom Rules	false
Edit Custom Rules	false
Delete Custom Rules	false

Webhook management

Permission	Enabled?
View Outbound Webhooks	true
Create Outbound Webhooks	false
Remove Outbound Webhooks	false

The remaining categories of permissions listed below should have all permissions within them set to disabled:

• Billing management
• Entitlement management
• Kubernetes Integration management
• Package management
• Project pull request management
• Service account management
• Snyk Apps management
• Snyk Preview management
• User management