User Roles & Types
Stairwell provides Role-Based Access Control (RBAC) with four distinct user roles. Each role determines what a user can see and do across your organization and its environments.
User Types
| Role | Description |
|---|---|
| Admin | Full privileges. Can create and manage users, service accounts, tokens, environments, and organization settings. Admin is the default role for new users. |
| User | Standard access. Can view and interact with all data in the platform but cannot create or manage users, service accounts, or tokens. |
| Read Only | View-only access. All permissions are downgraded to read only. Commonly used for auditors or stakeholders outside the security team who need visibility without interaction. |
| Disabled | No access. The account is deactivated but retained in the system to preserve references to audited events and activity history. |
Role Permissions
Admin users have full control at the organization level, including:
- Creating and managing user accounts
- Assigning and changing user roles
- Generating and revoking authentication tokens
- Creating and managing environments
- Updating organization settings
User accounts can perform most day-to-day operations within the platform -- viewing assets, running searches, creating detection rules, and working with threat intelligence -- but cannot perform administrative actions.
Read Only accounts can view all data available to standard users but cannot modify, create, or delete any resources.
Disabled accounts cannot log in or access the platform in any capacity. Stairwell retains disabled accounts rather than deleting them to avoid broken references in audit trails.
Note: Forwarder Service Accounts are a special user type tied to File Forwarder tokens. Disabling a Forwarder Service Account does not disable its linked tokens, but it prevents the token from registering future assets. Disabling the user who originally created a Forwarder Service Account has no effect on the token.
Managing User Roles
Only Org Admins can change user roles. To update a user's role:
1. Go to https://app.stairwell.com and log in.
2. Click the Settings icon in the left menu.
3. Select the Users tab.
4. Click the pencil icon next to the user you want to manage.
5. In the submenu that appears, select the desired role: Admin, User, Read Only, or Disabled.
6. Confirm the change.
Regularly audit Admin-level accounts to maintain a least-privilege access control model. Only grant Admin access to users who require it for their responsibilities.
