Role Types
Permission Roles
Grant one or more capabilities. Every authorization decision in ThreatLab — server actions, API routes, and UI elements — is gated on a specific capability drawn from a permission role. A user can hold multiple permission roles; their effective capabilities are the combined set.
Title Roles
Display-only labels such as SOC Lead, Instructor, or Engineer. Title roles appear next to your name in the platform but carry no permissions and are never checked during authorization.
System Roles
Two roles are built into ThreatLab and cannot be modified or deleted:

| Role | Kind | Capabilities |
|---|---|---|
| admin | Permission | All capabilities. Grants unrestricted access to every gated feature. |
| analyst | Permission | None by default. Assigned automatically to every new user on sign-up. |
Capabilities Reference
The table below lists every capability in ThreatLab, its display label, and what it authorises you to do:

| Capability | Label | What it lets you do |
|---|---|---|
| manage_users | Manage users | Edit user profiles, ban or unban accounts, and assign roles to other users. |
| manage_exercises | Author exercises | Create new exercises and edit existing ones, including archive sections and steps. |
| curate_paths | Curate learning paths | Promote learning paths to curated or onboarding status on the dashboard. |
| manage_roles | Manage roles | Create custom roles and assign capabilities to them. |
| view_status | View platform status | Access the Icinga-backed health dashboard at /admin/status. |
| review_notebooks | Review notebooks | Read analysts’ private investigation notes for coaching and assessment. |
| view_user_history | View user history | See any user’s exercise progress, completions, and notebook history from user management. |
| manage_noise_logs | Manage noise logs | Create and schedule background noise log dispatch jobs that ship events to one or more SIEMs. |
| force_siem_push | Force SIEM push | Bypass the exercise SIEM upload cooldown and force a fresh archive shipment on start or redo. |
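
The combination rule described under Role Types, applied to the capabilities in the table above, as an added example that is not ThreatLab's own code. The role-record shape, the function names, and the `exercise-author` and `soc-lead` roles are assumptions made for illustration.

```javascript
// Added illustration: role shapes and function names are assumptions, not ThreatLab code.
const CAPABILITIES = [
  "manage_users", "manage_exercises", "curate_paths", "manage_roles", "view_status",
  "review_notebooks", "view_user_history", "manage_noise_logs", "force_siem_push",
];

// admin and analyst follow the System Roles table; the other two are constructed samples.
const ROLES = new Map([
  ["admin", { kind: "permission", capabilities: CAPABILITIES }],
  ["analyst", { kind: "permission", capabilities: [] }],
  ["exercise-author", { kind: "permission", capabilities: ["manage_exercises", "curate_paths"] }],
  // Malformed on purpose: a title role carrying a capability must still grant nothing.
  ["soc-lead", { kind: "title", capabilities: ["manage_users"] }],
]);

// Effective capabilities are the union across permission roles only.
function effectiveCapabilities(roleNames) {
  const granted = new Set();
  for (const name of roleNames) {
    const role = ROLES.get(name);
    // Unknown roles and title roles contribute nothing (deny by default).
    if (!role || role.kind !== "permission") continue;
    for (const cap of role.capabilities) {
      // Ignore anything that is not in the capabilities reference table.
      if (CAPABILITIES.includes(cap)) granted.add(cap);
    }
  }
  return granted;
}

// Boolean check, suitable for hiding or showing a UI element.
function can(roleNames, capability) {
  return effectiveCapabilities(roleNames).has(capability);
}

// Throwing gate, suitable for the top of a server action or API route handler.
function requireCapability(roleNames, capability) {
  if (!can(roleNames, capability)) {
    throw new Error(`forbidden: missing capability ${capability}`);
  }
}
```

Hiding a UI element with `can` is a convenience only; the server-side gate is what enforces the capability.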
Checking Your Own Capabilities
You do not need to memorise which roles you hold. ThreatLab surfaces your permissions in two practical ways:

Contact your ThreatLab administrator to have roles assigned to your account. Administrators manage role assignments under Admin > Users.