Roles & Permissions
Catchify uses a role-based access system to ensure each team member sees and does only what they need to. This keeps your security data organized and prevents accidental changes by team members who do not need full access.
Available Roles
There are two main roles in Catchify:
Manager
Managers have full access to everything in the portal. This role is designed for security leaders, CISOs, and team leads who need complete visibility and control.
Managers can:
View all projects, findings, and reports
Manage bug bounty programs
Approve quotes and view invoices
Invite and manage team members
Configure integrations
Request retests
Access the wallet and manage payments
Member
Members have customizable access based on the specific permissions you assign. This role is ideal for developers, project managers, compliance staff, and other team members who need access to specific parts of the portal.
Permission Details
When assigning the Member role, you can enable or disable the following permissions:
View Findings
See security findings across projects
Add Comments
Add comments to findings and reports
View Invoices
Access invoice history and download PDFs
Manage Team
Invite, edit, and remove team members
Manage Integrations
Set up and configure Slack, Jira, and webhook integrations
Request Retest
Submit retest requests after fixes are applied
View Assets
See the list of assets and scope information for projects
Upload Files
Attach files and documents to findings and projects
View Quotes
Access quotes and their details

Only Managers, and Members who have been granted the Manage Team permission, can change roles and permissions for other team members. If you need your permissions updated, ask a Manager on your team.
Recommended Setups
Here are some common permission configurations for different roles in your organization:
CISO / Security Director
Role: Manager
Full access to the portal. CISOs and security directors typically need to see everything, approve quotes, manage the team, and oversee the entire security testing program.
Security Engineer / Analyst
Role: Member
Enabled: View Findings, Add Comments, Request Retest, View Assets, Upload Files
Disabled: View Invoices, Manage Team, Manage Integrations, View Quotes
Security engineers need to work directly with findings -- reviewing them, adding context, and requesting retests after fixes.
Developer / Engineering Lead
Role: Member
Enabled: View Findings, Add Comments, Request Retest, View Assets, Upload Files
Disabled: View Invoices, Manage Team, Manage Integrations, View Quotes
Developers need to see findings and their reproduction steps so they can implement fixes. They should also be able to request retests.
Project Manager
Role: Member
Enabled: View Findings, Add Comments, View Invoices, View Assets, View Quotes
Disabled: Request Retest, Manage Team, Manage Integrations, Upload Files
Project managers need visibility into findings for planning and tracking, along with access to quotes and invoices for budget management.
Compliance / Audit
Role: Member
Enabled: View Findings, View Invoices, View Assets, View Quotes
Disabled: Add Comments, Request Retest, Manage Team, Manage Integrations, Upload Files
Compliance team members typically need read-only access to findings, assets, quotes, and invoices for audit and regulatory purposes. There is no separate read-only role: read-only access is achieved by leaving Add Comments, Upload Files, and Request Retest disabled.

Changing Roles and Permissions
To update a team member's role or permissions:
Go to the Team page
Click Edit next to the team member
Change their role or adjust individual permissions
Click Save Changes
Changes take effect immediately.
Treat Manage Team as an administrative permission. A Member who holds it can invite new members and change other members' permissions, so grant it only where you would otherwise assign the Manager role.
Best Practices
Follow the principle of least privilege -- Give each team member only the permissions they need for their job
Review permissions quarterly -- As roles change within your organization, update portal permissions accordingly
Have at least two Managers -- Ensure you have a backup Manager in case one is unavailable, since changing roles and permissions requires a Manager or the Manage Team permission
Document your setup -- Keep an internal record of who has what access and why
A well-organized team setup with appropriate permissions ensures security data is accessible to those who need it while staying protected from unauthorized access.
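The quarterly review and the internal access record above are easier to keep honest if the record can be checked mechanically. The script below is an added example, not Catchify code and not its API: it audits a constructed roster (a stand-in for your own internal record; the field names and the job labels such as "developer" are assumptions) against the guidance on this page, flagging fewer than two Managers, any Member holding Manage Team, and drift from the recommended setups in either direction.

```python
"""Audit an internal access record against the Roles & Permissions guidance.

Added example, not Catchify's own code or API. The roster format (name, role,
job, permissions) and the job labels are assumptions made for illustration.
"""
from __future__ import annotations

# The nine Member permissions listed under Permission Details.
ALL_PERMISSIONS = frozenset({
    "View Findings", "Add Comments", "View Invoices", "Manage Team",
    "Manage Integrations", "Request Retest", "View Assets", "Upload Files",
    "View Quotes",
})

# Recommended Member setups from the page, keyed by an assumed job label.
RECOMMENDED = {
    "security_engineer": frozenset({"View Findings", "Add Comments", "Request Retest",
                                    "View Assets", "Upload Files"}),
    "developer": frozenset({"View Findings", "Add Comments", "Request Retest",
                            "View Assets", "Upload Files"}),
    "project_manager": frozenset({"View Findings", "Add Comments", "View Invoices",
                                  "View Assets", "View Quotes"}),
    "compliance": frozenset({"View Findings", "View Invoices", "View Assets",
                             "View Quotes"}),
}

MIN_MANAGERS = 2  # "Have at least two Managers"


def audit_team(team: list[dict]) -> list[dict]:
    """Return one issue dict per problem found; an empty list means clean.

    Each issue has "who" (member name or "team"), "check" (a stable identifier
    for the rule) and "detail" (a list or string suitable for a review log).
    """
    issues: list[dict] = []

    managers = [m["name"] for m in team if m["role"] == "Manager"]
    if len(managers) < MIN_MANAGERS:
        issues.append({"who": "team", "check": "min_managers", "detail": managers})

    for member in team:
        if member["role"] != "Member":
            continue  # Managers have full access; nothing to compare against.
        name = member["name"]
        granted = set(member.get("permissions", []))

        # A misspelled permission in the record would silently mask drift.
        unknown = granted - ALL_PERMISSIONS
        if unknown:
            issues.append({"who": name, "check": "unknown_permission", "detail": sorted(unknown)})
            granted -= unknown

        # Manage Team lets a Member change other members' permissions.
        if "Manage Team" in granted:
            issues.append({"who": name, "check": "manage_team", "detail": "can invite and edit members"})

        profile = RECOMMENDED.get(member.get("job", ""))
        if profile is None:
            issues.append({"who": name, "check": "unmapped_job", "detail": member.get("job")})
            continue
        extra = granted - profile      # more than the job needs (least privilege)
        missing = profile - granted    # less than the job needs (likely a ticket)
        if extra:
            issues.append({"who": name, "check": "extra_permissions", "detail": sorted(extra)})
        if missing:
            issues.append({"who": name, "check": "missing_permissions", "detail": sorted(missing)})
    return issues


# Constructed roster (not real data) with deliberate problems to exercise each check.
SAMPLE_TEAM = [
    {"name": "ciso", "role": "Manager", "job": "ciso", "permissions": []},
    {"name": "dev1", "role": "Member", "job": "developer",
     "permissions": ["View Findings", "Add Comments", "Request Retest",
                     "View Assets", "Upload Files"]},
    {"name": "pm1", "role": "Member", "job": "project_manager",
     "permissions": ["View Findings", "Add Comments", "View Invoices",
                     "View Assets", "View Quotes", "Manage Team"]},
    {"name": "audit1", "role": "Member", "job": "compliance",
     "permissions": ["View Findings", "View Invoices", "View Assets"]},
]

if __name__ == "__main__":
    for issue in audit_team(SAMPLE_TEAM):
        print(f"{issue['who']:>8}  {issue['check']:<20} {issue['detail']}")
```

Run against the constructed roster it reports a single Manager, pm1 holding Manage Team (and therefore exceeding the project manager profile), and audit1 missing View Quotes; dev1 matches the developer profile and is silent. Keep the RECOMMENDED map in step with your own setups if you deviate from the page's defaults, otherwise the audit will flag agreed exceptions every quarter.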