Teams & Roles (RBAC)
On FOSSA, Role-Based Access Control (RBAC) is used to manage which features of the system a user has access to as well as which projects a user may access and what actions they're allowed to perform on those projects.
Enterprise Feature
This feature is only available in a FOSSA Enterprise subscription. Contact [email protected] for more details.
There are two kinds of roles: organization roles and team roles. You assign a user an organization role to give the user access to all projects in your organization or to give the user permission to manage organization-level settings, such as billing settings. For users in teams, on the other hand, you give each user a role in each of their teams. Teams are used to give users access to certain projects and release groups.
Organization Roles
On the Users Settings page, you can assign a user one of four roles. A user may have the None role at the organization level yet be on a team, giving the user access only to projects and not organization-level features or settings.
| Role | Permissions |
|---|---|
| Admin | |
| Editor | |
| Viewer | |
| None | |
Note: By default, new users are created with a role of "Admin", but this is configurable on the Organization settings page.
These four organization roles are built-in and may not be edited or deleted.
Team Roles
On the Team Settings page, you can create new teams and manage which Users and Projects belong to each team. Users with a role of "Team Viewer", "Team Editor", or "Team Admin" must be added to a Team in order to see any Projects on FOSSA.
Note: Team permissions grant access to team projects. They do not include access to organization-wide features such as policies.
| Role | Permissions |
|---|---|
| Team Admin | |
| Team Editor | |
| Team Viewer | |
These three team roles are built-in and may not be edited or deleted.
Team Admins and Team Editors have full access to the metadata in the projects in their teams, but this does not extend to being permitted to edit dependencies because an edit to a dependency applies across the entire organization. So, in general, permission to edit a dependency requires an organization-level role such as Admin or Editor.
Custom Roles
FOSSA allows you to create custom roles at both the organization and the team level. Whenever you create a role, you choose the type of the role:


Once a role is created, its type cannot be changed. The kinds of permissions that can be included in the role depend on the role's type. Some organization-level features, such as managing users, are possible only in organization roles. Next, select all the permissions that users who have this role will receive by way of the role:


Auto-Assign Roles with Single Sign On Providers
FOSSA can integrate with your SAML Identity Provider to automatically assign roles to Users and add them to Teams when integrated with Single Sign On.
User Role Auto-Assignment
Configure a 'role' attribute that contains the permission value of the associated user. The values that are accepted today are:
- 'admin'
- 'editor'
- 'viewer'
Team Auto-Assignment
Configure your Identity Provider to include a 'teams' attribute in the SAML response. FOSSA will update the user's team membership so that the user is assigned only to the teams listed in that attribute. If any of those teams do not yet exist in FOSSA, they are created as part of the assignment process.
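The following added example (not FOSSA's own code) shows what the two attributes above look like in a SAML assertion and how the resulting assignment can be computed: the 'role' value is checked against the accepted list, and the user's team set is replaced by the 'teams' values, with missing teams flagged for creation. The assertion is constructed, and the assumption that a multi-valued 'teams' attribute is carried as one AttributeValue per team is mine; in a real deployment this logic runs only after the response signature has been verified.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACCEPTED_ROLES = {"admin", "editor", "viewer"}  # the values the page lists

# Constructed sample assertion (not captured from a real IdP). Assumption:
# each team is its own AttributeValue under the single 'teams' attribute.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>editor</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="teams">
      <saml:AttributeValue>platform</saml:AttributeValue>
      <saml:AttributeValue>mobile</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(assertion_xml):
    """Return {attribute name: [values]} from the AttributeStatement.
    Only call this on an assertion whose signature was already verified."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.findall(".//saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
        attrs[attr.get("Name")] = values
    return attrs


def role_is_accepted(role_values):
    """Exactly one value, and it must be one of the accepted role names."""
    return len(role_values) == 1 and role_values[0] in ACCEPTED_ROLES


def apply_sso_assignment(attrs, current_teams, existing_teams):
    """Compute the org role and team changes for one login. An unknown or
    missing role is rejected rather than silently mapped to a default."""
    role_values = attrs.get("role", [])
    if not role_is_accepted(role_values):
        raise ValueError(f"unsupported role attribute: {role_values!r}")
    desired = set(attrs.get("teams", []))
    return {
        "role": role_values[0],
        "teams": desired,                    # user ends up in exactly these
        "create": desired - existing_teams,  # teams FOSSA would create
        "remove": current_teams - desired,   # memberships that are dropped
    }
```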
Please contact [email protected] for more information.