Roles & access
This page explains how Jutsu isolates data by organization and what each role is allowed to do. Use it to decide which role to grant when you invite a teammate.
Organizations
Jutsu is multi-tenant. Every piece of data — events, alerts, incidents, cases, credentials, and reports — is scoped to an organization, and access is always evaluated within that boundary. A user can belong to more than one organization, and their permissions are determined per organization. Each organization has a single owner.
Roles
Jutsu has two layers of roles: roles you hold within an organization, and a platform-level role on your user account.
Organization member roles determine what you can do inside an organization:
- owner — the organization's owner, with full control.
- admin — administers the organization, members, and settings.
- member — the default role for a new member.
- analyst — a general security analyst.
- l1_analyst, l2_analyst, l3_analyst — tiered analyst roles for escalation workflows, from first-line triage (L1) up to senior investigation (L3).
Platform-level roles apply to your account across the platform:
- user — the default account role.
- analyst — platform analyst.
- admin — platform administrator.
- super — super-admin, for operating the platform itself.
The exact permission a given role carries is enforced in your deployment. The table below describes the intended division of duties; confirm specific permissions against your environment.
What each role can do
The following table summarizes capabilities by organization role at a sensible granularity. Higher tiers generally include the abilities of lower ones.
| Capability | member | analyst / l1 | l2 / l3 | admin | owner |
|---|---|---|---|---|---|
| View alerts & incidents | Yes | Yes | Yes | Yes | Yes |
| Triage & investigate cases | — | Yes | Yes | Yes | Yes |
| Run / approve response actions | — | — | Yes | Yes | Yes |
| Manage integration credentials | — | — | — | Yes | Yes |
| Manage members & roles | — | — | — | Yes | Yes |
| Billing & organization settings | — | — | — | — | Yes |
The tiered analyst roles map onto escalation: L1 handles first-line triage, L2 takes escalations and drives response, and L3 owns deep investigation. When an organization has no automated response provider configured, qualifying alerts auto-escalate to a human analyst rather than running automatically.
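The sketch below is an added example, not Jutsu's own code or API. It models the intended table above as a deny-by-default, per-organization check and picks the least-privileged table column for a set of needed capabilities. The capability keys, tier labels, function names and organization IDs are hypothetical, and the enforcement in your deployment remains authoritative.

```python
# Added example: models the intended capability table on this page.
# Capability keys, tier labels and function names are hypothetical.

# Table columns, ordered from least to most privileged.
TIERS = ["member", "analyst_l1", "l2_l3", "admin", "owner"]

# Organization member role -> table column.
ROLE_TIER = {
    "member": "member",
    "analyst": "analyst_l1", "l1_analyst": "analyst_l1",
    "l2_analyst": "l2_l3", "l3_analyst": "l2_l3",
    "admin": "admin", "owner": "owner",
}

# Capability -> lowest column marked "Yes" in the table.
MIN_TIER = {
    "view_alerts": "member",
    "triage_cases": "analyst_l1",
    "response_actions": "l2_l3",
    "manage_credentials": "admin",
    "manage_members": "admin",
    "billing_settings": "owner",
}

def is_allowed(memberships, org_id, capability):
    """Evaluate inside one organization; anything unknown is denied."""
    tier = ROLE_TIER.get(memberships.get(org_id))  # None if not a member
    needed = MIN_TIER.get(capability)
    if tier is None or needed is None:
        return False
    return TIERS.index(tier) >= TIERS.index(needed)

def least_privileged_tier(capabilities):
    """Lowest table column that covers every requested capability."""
    unknown = [c for c in capabilities if c not in MIN_TIER]
    if unknown:
        raise ValueError(f"unknown capabilities: {unknown}")
    return max((MIN_TIER[c] for c in capabilities),
               key=TIERS.index, default="member")

# Constructed sample: one user holding different roles in two organizations.
alice = {"org-a": "l2_analyst", "org-b": "member"}
```

The same user gets a different answer in each organization, and an organization they do not belong to always yields a denial.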
Onboarding
New members join through invitation-based onboarding. An owner or admin sends an invitation, which carries the role the invitee will receive and moves through a pending, accepted, expired, or revoked status. New accounts complete email verification before gaining access. Once accepted and verified, the member appears in the organization with the assigned role and immediately inherits that role's access boundary.