# Teams & permissions

> Roles, the permission matrix, and how to invite your team.

Gecko has four built-in roles. Give each person the narrowest role that still
lets them do their job.

## Roles

<CardGroup cols={2}>
  <Card title="Admin" icon="user-shield">
    Team owners. Full control of settings, members, roles, identity (SSO/SCIM),
    repositories, scans, findings, integrations, and API keys.
  </Card>

  <Card title="Manager" icon="user-gear">
    Runs the security program day to day: members, repositories, scans, findings,
    schedules, workflows, rules, and integrations, without owning identity.
  </Card>

  <Card title="Member" icon="user">
    Does the work: runs scans and triages findings, but doesn't manage team
    configuration, roles, SSO, or integrations.
  </Card>

  <Card title="Read Only" icon="eye">
    Visibility without mutation, for stakeholders who need to see results and
    settings but not change them.
  </Card>
</CardGroup>

## Permission matrix

**Manage** = read and write · **View** = read only · **None** = no access.

| Resource        | Admin  | Manager | Member | Read Only |
| --------------- | ------ | ------- | ------ | --------- |
| Team settings   | Manage | View    | None   | None      |
| Members         | Manage | Manage  | None   | None      |
| Roles           | Manage | View    | None   | None      |
| SSO / SCIM      | Manage | View    | None   | None      |
| Repositories    | Manage | Manage  | View   | View      |
| Scans           | Manage | Manage  | Manage | View      |
| Vulnerabilities | Manage | Manage  | Manage | View      |
| Rules           | Manage | Manage  | View   | View      |
| Schedules       | Manage | Manage  | Manage | View      |
| Workflows       | Manage | Manage  | None   | None      |
| Integrations    | Manage | Manage  | None   | None      |
| API keys        | Manage | View    | View   | View      |
| Audit log       | None   | View    | None   | None      |
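
As an added example (not Gecko's own code or API), the matrix above can be encoded as data to pick the narrowest role for a set of needs and to flag members who hold more access than their work requires. The "least total access" metric, the function names, and the sample users are assumptions made for this illustration.

```python
# Added example: the permission matrix from this page as data.
LEVEL = {"None": 0, "View": 1, "Manage": 2}
ROLES = ("Admin", "Manager", "Member", "Read Only")

# One row per resource, columns in ROLES order, copied from the table above.
MATRIX = {
    "Team settings":   ("Manage", "View",   "None",   "None"),
    "Members":         ("Manage", "Manage", "None",   "None"),
    "Roles":           ("Manage", "View",   "None",   "None"),
    "SSO / SCIM":      ("Manage", "View",   "None",   "None"),
    "Repositories":    ("Manage", "Manage", "View",   "View"),
    "Scans":           ("Manage", "Manage", "Manage", "View"),
    "Vulnerabilities": ("Manage", "Manage", "Manage", "View"),
    "Rules":           ("Manage", "Manage", "View",   "View"),
    "Schedules":       ("Manage", "Manage", "Manage", "View"),
    "Workflows":       ("Manage", "Manage", "None",   "None"),
    "Integrations":    ("Manage", "Manage", "None",   "None"),
    "API keys":        ("Manage", "View",   "View",   "View"),
    "Audit log":       ("None",   "View",   "None",   "None"),
}

def grants(role, resource):
    """Numeric access level the matrix gives `role` on `resource`."""
    return LEVEL[MATRIX[resource][ROLES.index(role)]]

def total(role):
    """Sum of a role's access levels over all resources (assumed metric)."""
    return sum(grants(role, res) for res in MATRIX)

def narrowest_role(needs):
    """needs maps resource -> 'View' or 'Manage'. Returns the role covering
    every need with the least total access, or None if no single role does."""
    ok = [r for r in ROLES
          if all(grants(r, res) >= LEVEL[lvl] for res, lvl in needs.items())]
    return min(ok, key=total, default=None)

def over_privileged(assignments, needs_by_user):
    """Returns {user: (current_role, narrower_role)} for users whose needs
    are met by a role with less total access than the one they hold."""
    findings = {}
    for user, current in assignments.items():
        best = narrowest_role(needs_by_user.get(user, {}))
        if best is not None and total(best) < total(current):
            findings[user] = (current, best)
    return findings

if __name__ == "__main__":  # constructed users and needs
    print(over_privileged({"alice": "Admin"}, {"alice": {"Workflows": "Manage"}}))
```

Per the matrix, no single role combines **Manage** on SSO / SCIM with **View** on the audit log, so `narrowest_role` returns `None` for that combination.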

## Invite members

<Steps>
  <Step title="Send an invite">
    In **Settings** > **Members**, invite a teammate by email and assign a role.
  </Step>

  <Step title="They accept">
    The invite links to a join page showing your team. After signing in, they
    accept and land in the workspace.
  </Step>

  <Step title="Adjust roles any time">
    Change a member's role from the Members page as responsibilities shift.
  </Step>
</Steps>

<Tip>
  For larger teams, manage membership and roles automatically through
  [SCIM provisioning](/access/okta-saml-onboarding) instead of inviting people
  one by one.
</Tip>
