Teams Permissions Structure

This article will cover the permission concept and structure of vRx Teams.

Key Security Elements

The User Management system consists of 3 elements:

1. Users

2. Roles

3. Teams

Simply put, Teams consist of Users who are assigned with Roles, that dictate what resources the users are assigned to and what are their allowed actions in vRx.

Teams Permissions

Teams consists of users and asset groups. Each user of the team will have one of of three roles (Owner, Admin, Viewer) in regards to the selected asset groups.

Note: A user can only have ONE role across the organization. For example, if Bob is a viewer in team A, he can't be an Owner or an Admin in team B.

Primary Team Members

The primary team is the main dashboard team and is created by default. Users who are members of the primary team can see and interact with all assets according to their defined Role.

Dashboard Defined Members

Users who are members of a created team (other than primary) can only see and interact with assets in the asset group assigned to their team. 

For example:

  1. Owner user create Asset Group "US Computers".
  2. Owner user create Team "US Admins" and links the team to the group "US Computers".
  3. Owner user invites a new user to "US Admins" team.
  4. When the new user will login to the dashboard, he will only see assets linked to "US Computer" Asset Group.

Teams Resources Scope

Each team can create and maintain its own resources without effecting  any other teams' resources. This means that each resource created in a team scope will not be visible to other teams, including the primary team members.

In any case, Activity Logs and Event Logs of an asset will be displayed for any team member with permission on the asset.


  • The Team main Asset Group(s) will be visible only to the primary team members and will not appear at the team scope.  
  • An asset can be a member of more than one asset group.

When created within a team, the following list of resources will be visible only in that team's scope:

  • Auto Actions.
  • Scheduled Patch Management actions.
  • Asset Groups (created within the team).
  • API Keys and other Integrations.
  • Uploaded Network Scans.


A dashboard configured with the following 3 teams:
1) Primary team

2) Team A (not primary)

3) Team B (not primary)

  • A group / auto action / schedule / etc. created by a primary team member, will not be visible to a not-primary team member, even if it consists of assets that are linked to that none primary team.
  • A group / auto action / schedule / etc. created by a none primary team member will not be visible to a primary team member.
  • A group/auto action/schedule etc. created by a member of team A , will not be visible to a member of team B
  • Activity logs of an auto action created by a member of team A will be visible to a primary team member 
  • Activity logs of an auto action created by a primary team member, will be visible to team A's member only If the action ran on an asset linked to team A.

Team Scope Change

Primary team members (and users which are associated to more than one team) can change their scope to view other Teams related resources.

To change your scope, at the top left dashboard panel, click on your organization name and select the team you wish to view.