Skip to main content
SecurAtlas uses role-based access control to determine what each person in your workspace can see and do. This page covers the four workspace roles, how to invite team members, and how to manage existing access.
Each workspace should have only one Owner. If you need to transfer ownership, assign the Owner role to the new owner first, then change your own role to Admin. Workspaces with no Owner cannot be managed by internal members without MSP partner assistance.

Roles and permissions

RoleWho it’s forWhat they can do
OwnerThe primary account holder or security leadFull access: edit settings, manage billing, invite and remove all members including Admins, delete the workspace.
AdminSecurity managers or team leadsEdit all settings, invite and remove Members and Viewers, manage controls and evidence, access all reports. Cannot remove the Owner.
MemberDay-to-day security practitionersView and update controls, upload evidence, manage tasks, and view reports. Cannot edit workspace settings or manage team membership.
ViewerExecutives, stakeholders, or read-only reviewersRead-only access to controls, evidence, reports, and the risk dashboard. Cannot make any changes.
All settings sections that require Owner or Admin access display a Read-only badge when a Member or Viewer is logged in.

MSP and partner access

If your workspace is managed by an MSP or SecurAtlas partner, your partner’s users can access and edit your workspace settings without holding a direct membership role. This lets MSP teams manage your compliance program on your behalf without consuming a named seat. You can see which members are directly assigned in the Team Members section of Settings. Partner-managed access is separate and controlled through the MSP portal — contact your partner if you need to change that access.

Invite a team member

You must be an Owner or Admin to invite new members.
1

Open Settings

Go to Settings in the left navigation and scroll to Team Members.
2

Enter the email address

In the Invite a team member section, type the email address of the person you want to invite.
3

Select a role

Choose the role from the dropdown: Admin, Member, or Viewer. The Owner role cannot be assigned through the invite flow — it must be transferred from an existing Owner.
4

Send the invitation

Click Send Invite. SecurAtlas sends an invitation email to the address you entered. The invite appears in the Pending Invites list until it is accepted.
If the invitee does not already have a SecurAtlas account, they will be prompted to create one when they accept the invitation.

Pending invites

The Pending Invites list shows all invitations that have been sent but not yet accepted. Each entry shows the email address and the date the invite was sent. You can cancel a pending invite at any time by clicking Revoke next to the invite. The invitation link becomes invalid immediately. If an invitee does not receive the email, ask them to check their spam folder. You can resend by revoking the existing invite and sending a new one.

Manage existing members

To view or change the role of an existing member, scroll to the Team Members list in Settings. Each row shows the member’s name, email, and current role.
  • Change a role — Click the role badge or dropdown next to the member’s name and select a new role. The change takes effect immediately.
  • Remove a member — Click Remove next to the member. The user loses access to the workspace immediately. Their historical contributions (controls, evidence uploads, tasks) are preserved.
Owners can manage all roles. Admins can manage Members and Viewers, but cannot remove or demote other Admins or the Owner.

Next steps

Organization settings

Configure your organization profile, financial inputs, and evidence expiry.

Grant auditor access

Share a read-only view with external auditors without adding them as workspace members.