Permissions
Pestle uses Role-Based Access Control (RBAC) to manage what users can see and do within the system.
Permission Model
Permissions in Pestle are structured around:
- Folders - Containers for organizing data (projects, departments, etc.)
- Roles - Sets of permissions (Reader, Editor, Owner, etc.)
- Role Assignments - Linking users/groups to folders with specific roles
Built-in Roles
| Role | Permissions |
|---|---|
| Reader | View all data within the folder |
| Contributor | Reader + Create and edit own items |
| Editor | Contributor + Edit any item in the folder |
| Owner | Editor + Manage folder settings and permissions |
| Administrator | Full system access across all folders |
Folder Structure
Organize your data hierarchically:
Organization (Root)
├── IT Security
│   ├── SOC 2 Assessment
│   └── Vulnerability Management
├── Privacy
│   ├── GDPR Compliance
│   └── CCPA Compliance
└── Operations
    └── Business Continuity

Permissions cascade down the folder hierarchy. Access to a parent folder grants access to child folders.
Assigning Permissions
To Individual Users
- Navigate to the folder
- Click Settings → Permissions
- Click Add User
- Select the user and role
- Save changes
To User Groups
- Navigate to the folder
- Click Settings → Permissions
- Click Add Group
- Select the group and role
- All group members receive the assigned role
Object-Level Permissions
Beyond folders, permissions can be set on specific objects:
Task Assignments
Users assigned to tasks can view and update those specific tasks even without broader folder access.
Assessment Participation
Users can be invited to specific assessments with limited scope.
Permission Inheritance
- Child folders inherit parent permissions by default
- Explicit permissions on child folders override inheritance
- Users get the highest permission level from all their assignments
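As an added illustration (not Pestle's own code), the following resolves a user's effective role on a folder under the three rules above, using a constructed copy of the sample hierarchy and hypothetical users, groups and assignments. It assumes one way of combining the rules: Administrators have access everywhere; otherwise the nearest folder (walking from the target up to the root) that carries any explicit assignment for the user or one of their groups decides, taking the highest role among those assignments.

```python
from typing import Optional

# Role ranks, in the order the built-in roles table lists them.
ROLE_RANK = {"Reader": 1, "Contributor": 2, "Editor": 3, "Owner": 4, "Administrator": 5}

# Constructed sample hierarchy: child -> parent (the root has no parent).
PARENTS = {
    "Organization": None,
    "IT Security": "Organization",
    "SOC 2 Assessment": "IT Security",
    "Vulnerability Management": "IT Security",
    "Privacy": "Organization",
    "GDPR Compliance": "Privacy",
}

# Constructed, hypothetical group memberships and role assignments.
GROUPS = {"security-team": {"alice", "bob"}, "auditors": {"carol"}}
# (folder, principal) -> role; a principal is a user name or a group name.
ASSIGNMENTS = {
    ("Organization", "auditors"): "Reader",
    ("Organization", "carol"): "Contributor",   # same folder: highest role wins
    ("IT Security", "security-team"): "Editor",
    ("SOC 2 Assessment", "bob"): "Reader",      # explicit child assignment overrides inheritance
}
ADMINS = {"dave"}  # Administrator: full access across all folders


def principals_for(user: str) -> set:
    """The user plus every group that lists them as a member."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def effective_role(user: str, folder: str) -> Optional[str]:
    """Assumed resolution: admins everywhere; otherwise the closest folder
    with any explicit assignment for the user's principals decides, and
    the highest role among those assignments is returned. Ancestors are
    only consulted when no closer folder has an assignment."""
    if user in ADMINS:
        return "Administrator"
    principals = principals_for(user)
    current = folder
    while current is not None:
        roles = [r for (f, p), r in ASSIGNMENTS.items() if f == current and p in principals]
        if roles:
            return max(roles, key=ROLE_RANK.__getitem__)
        current = PARENTS[current]
    return None  # no assignment anywhere on the path: no access
```

Under these assumptions bob is only a Reader on SOC 2 Assessment despite his group's Editor role on the parent, which is the behaviour an effective-permissions review should make visible.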
Viewing Effective Permissions
To see what a user can actually access:
- Go to Settings → Users
- Click on the user
- View the Effective Permissions tab
- Shows all folders and their access level
Best Practices
- Use groups over individuals - Easier to manage at scale
- Follow least privilege - Grant minimum necessary access
- Review regularly - Audit permissions quarterly
- Document decisions - Record why permissions were granted
- Use folder hierarchy - Organize by team or project for cleaner permissions
Troubleshooting Access Issues
If a user can't access something they should be able to:
- Check their effective permissions
- Verify group memberships
- Check for explicit denies at lower folder levels
- Ensure the object exists in an accessible folder