Roles
The Roles feature in My OPSWAT Portal leverages Role-Based Access Control (RBAC) to manage user permissions effectively. This enhances security by ensuring users have access only to the resources necessary for their role, minimizing unnecessary access and improving permission management.
Administrators can assign Predefined Roles or Create Custom Roles tailored to specific organizational needs, offering flexibility and granular control over permissions.
Predefined Roles

My OPSWAT Portal includes three predefined roles to cover core user management needs:
Super Admin
- Holds the highest level of permissions, with full control over all organizational functions.
- Each organization can have only one (1) Super Admin, automatically assigned to the first Admin added.
- Super Admins can transfer their role exclusively to another Admin, ensuring continuity and accountability.
Admin: Holds almost all organizational permission, with a few exceptions reserved for the Super Admin.
User: Primarily a viewer role, allowing access to organizational information with limited editing and update capabilities.
Custom Roles and Permissions
Authorized users can create, modify, or delete roles with permissions tailored to their organization's needs. Roles can be assigned "None", "View Only" or "Full Access" permissions across various functional areas, referred to as Role Objects.
Key fields for role configuration:
- Name: Required field, unique within the organization
- Description: A short summary describing the role’s purpose.
- Role Objects & Permissions: Default permissions for all Role Objects are set to "None" but can be customized.

Here’s a breakdown of key Role Objects and their permissions:
Critical Alert Users: This role object is found on the My Organization > Critical Alert Users tab.
- None: No access to critical alert users list.
- View Only: View the list of email list subscribed to receive critical alerts.
- Full Access: Add or remove email subscriptions for critical alerts.
Event History: This role object is found under My Organization > Event History tab
- None: No access to event history data.
- View Only: Access the event history and view all recorded events, but no changes can be made.
License Management: This role object is found on the License Management page.
- None: The user can see License Management tab, but cannot see organization's licenses.
- View Only: View licenses of the current organization, including functions like "Active License" and "See Full License History."
- Full Access: Includes View Only permissions and adds the ability to download the "Active Deployment Report", "Edit license notes" and "View Organization's MetaDefender Cloud License"
License Management - Sub Organization: My OPSWAT Portal provides a setting at the parent organization level, managed by OPSWAT Admin, which allows authorized users to view and manage the licenses of sub-organizations. When this setting is enabled, this role object is displayed in the role detail.
- None: The user cannot view or manage sub-organization licenses. In their view, all licenses from both the parent and sub-organizations are shown together, without any separation or indication of which belong to sub-organizations.
- View only: View licenses of both the parent and sub-organizations, including functions like "Active License" and "See Full License History."
- Full Access: Includes View Only permissions and adds the ability to download the "Active Deployment Report", "Edit license notes" and "View Organization's MetaDefender Cloud License"
Note The user must have Full Access/View Only permission on "License Management" role object as a prerequisite to apply this permissionNote The "Edit License Notes" function is not available for viewing licenses of sub-organizations from the parent organization
License Management - Customer Organizations: This role object is found on the License Management > Customer Organizations tab if the Organization has linked to customer's Organization.
- None: No access to customer's licenses data.
- View Only: View licenses of the customer's organization, including functions like "Active License" and "See Full License History."
- Full Access: Includes View Only permissions and adds the ability to download the "Active Deployment Report", "Edit license notes" and "View Organization's MetaDefender Cloud License"
Organization General Information: This role object is found under My Organization > General Information tab
- None: No access to organization's general information.
- View Only: View organization's general information.
- Full Access: View and update the organization's general information.
Role Management: This role object is found under My Organization > Roles tab
- None: No access to organization's role data.
- View Only: View the list of roles in your organization, but cannot make any changes.
- Full Access: View and modify roles, including adding, editing, or removing them.
Security Management: This role object is found under My Organization > Security Management tab
- None: No access to security setting.
- View Only: View the security settings, but cannot make changes.
- Full Access: View and modify security settings
Support Service: This role object is found on the Support page.
- View Only: Access most support functions, except configuring organization case access.
- Full Access: Includes all support functions.
User Management: This role object is found under My Organization > Users tab
- None: No access to organization's user list.
- View Only: View the list of users within your organization, but cannot make any changes.
- Full Access: View and manage users, including adding, removing, or editing user details.