Role-based access control
Jutsu authorizes every request against two layers of roles — what you hold inside an organization and a platform-level role on your account — and evaluates all data access within a single organization boundary.
Two role layers
Organization member roles
Your role within an organization determines what you can do with that organization's data. The defined roles are:
| Role | Purpose |
|---|---|
owner | The organization's owner. Full control, including settings and ownership-level actions. One owner per organization. |
admin | Administers the organization, its members, and its settings. |
member | Default role for a newly added member. |
analyst | General security analyst. |
l1_analyst | First-line triage. |
l2_analyst | Takes escalations and drives response. |
l3_analyst | Deep investigation and senior review. |
The tiered analyst roles map onto an escalation workflow: L1 triages, L2 takes escalations and runs response, and L3 owns the hardest investigations. Higher tiers generally include the abilities of lower ones.
Platform roles
Your account also carries a platform-level role that applies across Jutsu, independent of any single organization:
| Role | Purpose |
|---|---|
user | Default account role. |
analyst | Platform analyst. |
admin | Platform administrator. |
super | Super-admin — operates the platform itself, including administrative areas that span tenants. |
Middleware guards
Access is enforced by layered middleware on the API, evaluated in order:
- Authentication guard. Requires a valid session token, loads the current user, and rejects unauthenticated or deactivated accounts with
401/403. - Super-admin guard. Restricts platform-administration routes to accounts whose platform role is
super; everyone else receives403. - Organization-owner guard. Restricts ownership-level actions on an organization to that organization's owner (super-admins are also allowed). A non-owner acting on the organization receives
403.
Because the guards run in sequence, a request must clear authentication before any role check, and role checks are evaluated against the organization the request is scoped to.
Role × capability matrix
The following summarizes capabilities by organization role at a sensible granularity. Higher analyst tiers inherit the abilities of lower ones.
| Capability | member | analyst / l1 | l2 / l3 | admin | owner |
|---|---|---|---|---|---|
| View alerts & incidents | Yes | Yes | Yes | Yes | Yes |
| Triage & investigate cases | — | Yes | Yes | Yes | Yes |
| Run / approve response actions | — | — | Yes | Yes | Yes |
| Manage integration credentials | — | — | — | Yes | Yes |
| Manage members & roles | — | — | — | Yes | Yes |
| Organization & billing settings | — | — | — | — | Yes |
The exact permission a given role carries is enforced in your deployment. This matrix describes the intended division of duties; confirm specific permissions against your environment.
Multi-tenant isolation
Jutsu is multi-tenant. Every record — events, alerts, incidents, cases, credentials, and reports — is scoped to an organization, and access is always evaluated within that boundary. A user can belong to several organizations and holds an independent member role in each. A valid session for one organization never grants access to another organization's data; the request's organization context, combined with the member role, decides what is visible and permitted.