
Roles and Permissions in Hyver

Understand how roles and permissions work in Hyver and who can do what.

Updated over 5 months ago

Overview

This guide explains how Hyver handles roles and permissions — both at the platform and engagement level. Knowing who has access to what helps ensure your team collaborates effectively and securely. It also clarifies what’s required to create or edit key elements like findings, graphs, and engagements.


Platform Roles

These apply across the entire Hyver organization.

Administrator

Full platform access, including user management, integrations, and settings. Only admins can configure SSO, add threat sources and business assets, and manage company-wide settings.

Power User

Can create and manage engagements, assets, and findings — with the right engagement-level permissions.

  • Needs the Findings & Graph Initiator permission to work with the Mitigation Graph

  • Automatically becomes an Engagement Administrator for any engagement they create

  • Can share findings using either:

    • Anyone with permission — visible to all engagement members

    • Restricted members — shared with specific users only

User

Read-only access to dashboards, data, and exports.


Engagement Roles

These roles apply within specific Hyver engagements.

Administrator

Can fully manage the engagement: activate/delete it, manage users, and edit content.

Editor

Can edit and manage engagement content (e.g. findings, graph, plans) but cannot manage users.

  • Needs Findings & Graph Initiator permission to create or link findings

  • Cannot see the Members and Groups tab

Viewer

Can view and export data but cannot make changes.


Working with Findings

Viewing Findings

To see a finding, you must:

  • Be a member of the engagement

  • Have at least view permissions for the finding

  • Have the finding shared with you (either via Anyone with permission or Restricted members)

Creating Findings

To create a finding, you must:

  • Have an Editor role

  • Have the Findings & Graph Initiator permission

  • Associate the finding with an engagement you’re a member of

Editing Findings

To edit a finding, it must be shared with you — and you must have Editor or Administrator share permissions.


Graph Editing Permissions

To work with the Mitigation Graph, the following applies:

  • Power users and administrators with Findings & Graph Initiator can edit the graph

  • To create or delete edges:

    • You need Editor + Findings & Graph Initiator permissions

  • To add findings from the graph view:

    • Same permissions as above

  • Only administrators can add Threat sources and Business assets to the graph

To see findings on the graph:

  • You must be part of the relevant engagement

  • The finding must be shared with you (at least view level)


Sharing Permissions for Findings

When a finding is shared, the following permissions can be assigned:

Viewer

  • Can view findings

  • Can add comments

Editor

  • Can view and rename findings

  • Can create Jira tickets (if integrated)

  • Can import remediation assets from CSV

  • Can share findings and add comments

Administrator

  • Full control over the finding


Managing Integrations and SSO

  • Only administrators can add integrations

  • SSO setup (e.g. Okta) must be configured under Settings > Company Profile by an admin

Important notes

  • Engagement-level permissions are separate from platform roles. A Power User on the platform still needs proper permissions in each engagement.

  • If you create an engagement, you automatically become its administrator.
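The view, create and edit rules from "Working with Findings", combined with the share levels from "Sharing Permissions for Findings", can be modelled as a small access check for reviewing who can do what. This is an added example, not Hyver code or a Hyver API: the class and function names, the `pentest-q3` engagement and the sample users are constructed, and "Anyone with permission" sharing is assumed to be represented by listing every engagement member in `shares`.

```python
from dataclasses import dataclass, field

SHARE_RANK = {"viewer": 1, "editor": 2, "administrator": 3}  # finding share permissions
CREATOR_ROLES = {"editor"}  # the page names only the Editor engagement role for creating

@dataclass
class User:
    name: str
    platform_role: str                 # "administrator", "power_user" or "user"
    initiator: bool = False            # Findings & Graph Initiator permission
    engagements: dict = field(default_factory=dict)  # engagement name -> engagement role

@dataclass
class Finding:
    engagement: str
    shares: dict = field(default_factory=dict)       # user name -> share permission

def share_level(user, finding):
    return SHARE_RANK.get(finding.shares.get(user.name), 0)

def can_view(user, finding):
    # Engagement membership AND a share of at least view level.
    return finding.engagement in user.engagements and share_level(user, finding) >= 1

def can_edit(user, finding):
    # Shared with the user at Editor or Administrator level.
    return share_level(user, finding) >= SHARE_RANK["editor"]

def can_create(user, engagement):
    # Editor role in an engagement the user belongs to, plus the Initiator permission.
    return user.engagements.get(engagement) in CREATOR_ROLES and user.initiator

def audit(users, finding):
    """Map each user name to (can_view, can_edit, can_create in the finding's engagement)."""
    return {u.name: (can_view(u, finding), can_edit(u, finding),
                     can_create(u, finding.engagement)) for u in users}

# Constructed sample data, not taken from any real tenant.
USERS = [
    User("alice", "power_user", True, {"pentest-q3": "editor"}),
    User("bob", "power_user", False, {"pentest-q3": "editor"}),   # no Initiator, not shared
    User("dave", "power_user", True),                             # not an engagement member
    User("erin", "user", False, {"pentest-q3": "viewer"}),
]
FINDING = Finding("pentest-q3", {"alice": "editor", "erin": "viewer"})

if __name__ == "__main__":
    for name, rights in audit(USERS, FINDING).items():
        print(name, rights)
```

The platform role never enters the checks: bob and dave are both Power Users, yet neither can view, edit or create here, because one lacks the share and the Initiator permission and the other is not an engagement member.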


Wrap-up / Next Steps

Roles and permissions in Hyver are designed to support flexibility while protecting sensitive data. If you’re ever unsure what you can access or edit, check your role or talk to an admin. You’ll likely have everything you need — and if not, permissions can be updated quickly.
