Getting Started
Roles and what you can do
What you can see and do in ThreatWeaver depends on the role your administrator gave you and on which modules your organization has. This page explains the common roles in plain terms so you know what to expect — and who to ask when you need more access.
Your own role is shown in your account menu (click your initial in the top-right corner). If an area you need is missing from your navigation, it's because your role or your plan doesn't include it yet.
How access works
ThreatWeaver combines two things to decide what you see:
- Your plan — the set of modules your organization has enabled. Anything not in your plan appears with a lock icon, or not at all.
- Your role — what you're allowed to do within the modules you can reach: view only, make day-to-day changes, or administer the whole workspace.
Because of this, two people in the same company can see different navigation. That's expected.
The common roles
Most people fall into one of three broad roles. Your organization may use different names, but the shape is the same.
| Role | Best for | What it's centered on |
|---|---|---|
| Executive viewer | Leaders who want the numbers, not the knobs | Reading dashboards and reports |
| Analyst | Practitioners doing the daily security work | Investigating and acting on findings |
| Administrator | Owners who configure the workspace | Managing people, data sources, and settings |
Executive viewer
An executive viewer is focused on understanding posture at a glance. They typically can:
- Open dashboards and read the KPI summary, risk score, and trends.
- Filter a dashboard by time range and other controls to explore the numbers.
- Open and read reports that have been shared with them.
- Download or export the reports they've been given, where their plan allows.
They generally don't change data sources, edit shared dashboards for everyone, or manage users — those are administrator tasks.
Analyst
An analyst does the hands-on security work. On top of everything a viewer can do, an analyst typically can:
- Investigate vulnerabilities and assets, and drill from a dashboard chart into the exact filtered list behind it.
- Work through remediation and fix planning where those modules are enabled.
- Build their own dashboards and custom widgets, and share them with their team.
- Run and review scans and findings, depending on the modules in your plan.
An analyst usually works within the workspace an administrator has set up, rather than changing workspace-wide configuration.
Administrator
An administrator owns the workspace configuration. In addition to analyst abilities, an administrator typically can:
- Manage users and their roles, and set up single sign-on and automated user provisioning.
- Connect and manage data sources, and control how often data syncs.
- Configure workspace-wide settings, notification routing, and licensing.
- Set defaults that affect what everyone sees, such as which dashboard filters are available.
Administrators see an Admin area in the navigation that other roles don't.
What to do if you're missing access
If you can't reach something you need:
- Confirm your role in your account menu.
- Check whether the area shows a lock icon — that means it isn't part of your plan.
- Ask your ThreatWeaver administrator to adjust your role or enable the module.