How-to

Roles and permissions

Who can do what inside GRC.

Last updated 26 April 2026

Three roles are encoded in your Portal JWT:

  • Viewer — read-only. Sees everything; cannot create, edit or delete.
  • Analyst — read, plus create, edit and delete on most records: risks, controls, policies, evidence, vendors, assets, audits, incidents, BCP plans, vulnerabilities, reports, link tables.
  • Admin — everything Analyst can do, plus framework activation, Settings, Email delivery configuration and Webhooks.

Your role is stored in the Portal; your Blankitt administrator can change it through the Portal UI.