Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Cloud Security Posture Management (CSPM) service roles

Written by
Updated at October 16, 2025

With CSPM service roles, you can manage user access to the CSPM resources and their settings, as well as to the results of configuration compliance checks with security standards.

cspm.worker

The cspm.worker role allows the user to view the organization info, view the list of clouds and folders and their info as controlled resources of a Security Deck workspace.

The role is issued to the service account to perform checks for compliance with security standards configured in CSPM settings and extends to an organization, cloud, or folder.

cspm.auditor

The cspm.auditor role allows the user to view info on cloud infrastructure checks for compliance with security standards configured in CSPM settings.

cspm.viewer

The cspm.viewer role allows the user to view info on cloud infrastructure checks for compliance with security standards configured in CSPM settings, the results of such checks, and exceptions from related rules.

This role includes the cspm.auditor permissions.

cspm.editor

The cspm.editor role allows the user to manage cloud infrastructure checks for compliance with CSPM security standards and exceptions from related rules.

Users with this role can:

  • View info on cloud infrastructure checks for compliance with security standards configured in CSPM settings.
  • View the results of CSPM checks.
  • Create, suspend, resume, update, and delete CSPM checks.
  • View exceptions from CSPM check rules, create and delete such exceptions.

This role includes the cspm.viewer permissions.

cspm.admin

The cspm.admin role allows the user to manage cloud infrastructure checks for compliance with CSPM security standards and exceptions from related rules.

Users with this role can:

  • View info on cloud infrastructure checks for compliance with security standards configured in CSPM settings.
  • View the results of CSPM checks.
  • Create, suspend, resume, update, and delete CSPM checks.
  • View exceptions from CSPM check rules, create and delete such exceptions.

This role includes the cspm.editor permissions.

Previous
CIEM roles
Next
Access Transparency roles