Team Management
Hawkra workspaces support collaborative security assessments with role-based access control. Workspace owners can invite team members, assign roles that control what each person can do, and remove members when their involvement is no longer needed.
How It Works
Team management in Hawkra uses an invitation-based system. Rather than directly adding users to a workspace, the owner sends an invitation that the recipient must accept. This ensures that users explicitly consent to joining a workspace and are aware of the role they have been assigned.
Invitations are sent by email address. The invited user must already have a Hawkra account -- they will need to register first if they do not have one. Each invitation has an expiration period, and pending invitations are automatically cancelled if the workspace is marked as Completed or Archived.
Inviting team members with the Editor or Remediation Analyst role requires the invited user to have a Premium subscription. Users on the free tier can only be invited as Viewers with read-only access.
Role-Based Access Control
Each workspace member is assigned one of four roles. The following table shows what each role can do:
| Permission | Owner | Editor | Remediation Analyst | Viewer |
|---|---|---|---|---|
| View assets and networks | Yes | Yes | Yes | Yes |
| View vulnerabilities | Yes | Yes | Yes | Yes |
| View audit log | Yes | Yes | Yes | Yes |
| Create/edit assets and networks | Yes | Yes | No | No |
| Create/edit vulnerabilities | Yes | Yes | Yes | No |
| Run scans | Yes | Yes | No | No |
| Import scan data | Yes | Yes | No | No |
| Manage credentials | Yes | Yes | No | No |
| Create/edit notes and documents | Yes | Yes | No | No |
| Manage compliance data | Yes | Yes | No | No |
| Edit workspace settings | Yes | Yes | No | No |
| Manage team members | Yes | No | No | No |
| Customize dashboard (save layout) | Yes | No | No | No |
| Delete workspace | Yes | No | No | No |
| Rotate encryption key | Yes | No | No | No |
The Remediation Analyst role is designed for stakeholders who need to track and update the remediation status of vulnerabilities without modifying the underlying assessment data. They can view all assets and vulnerabilities but can only edit vulnerability records -- not create or modify assets, networks, or other workspace data.
Key Actions
Inviting a Team Member
- Navigate to the workspace and open the Team or Members section.
- Click Invite Member.
- Enter the email address of the user you want to invite.
- Select the role to assign: Editor, Remediation Analyst, or Viewer.
- Click Send Invitation.
The invited user will see the invitation on their dashboard and can accept or decline it. Once accepted, they immediately gain access to the workspace with the assigned role.
You cannot invite someone as an Owner. Workspace ownership is determined at creation time and belongs to the user who created the workspace.
Viewing Pending Invitations
Workspace members can view all pending invitations for the workspace. This shows who has been invited, what role they were offered, and when the invitation expires. Owners can cancel pending invitations if needed.
Changing a Member's Role
- Open the Team section of the workspace.
- Find the member whose role you want to change.
- Select the new role from the role dropdown.
- Confirm the change.
Role changes take effect immediately. Note that you cannot change the owner's role, and you cannot promote any member to Owner.
Changing a member's role to Editor or Remediation Analyst requires that member to have a Premium subscription. If they are on the free tier, they can only be assigned the Viewer role.
Removing a Member
- Open the Team section of the workspace.
- Find the member you want to remove.
- Click the Remove button and confirm.
The removed member will immediately lose access to the workspace and all its data. This action is logged in the audit log.
You cannot remove the workspace owner. The owner is permanently associated with the workspace.
Tips and Notes
- Invitation-based flow -- Users must accept an invitation before gaining access. You cannot add someone to a workspace without their consent.
- One role per member -- Each member has exactly one role per workspace. A user who needs different levels of access across workspaces can have different roles in each.
- All changes are audited -- Invitations, role changes, and member removals are all recorded in the workspace audit log.
- Workspace status matters -- You can only invite members, change roles, or remove members when the workspace is in Active status. Completed and Archived workspaces do not allow team changes.
- Duplicate prevention -- You cannot send an invitation to someone who is already a member or who already has a pending invitation to the workspace.