Access Control
Milou employs a flexible Role-Based Access Control (RBAC) system, so each team member is granted only the access their work requires.
Default Roles
Milou comes pre-seeded with standard roles. These roles are only a starting point: you can modify them or create entirely new ones at any time through the Settings menu. The pre-seeded roles (admin, pentester) are designed to match Azure app roles so that permissions can be assigned automatically via SSO (see SSO/SAML Configuration).
| Role | Description |
|---|---|
| Admin | Full system access. Can manage all settings, users, and configurations. |
| Manager | Oversees operations. Can manage users, report templates, and clients. |
| Pentester | The standard operational role. Can create and manage their own assessments, write reports, and use testing tools. |
Permission Matrix
The following table illustrates the capabilities of the default roles.
| Feature | Permission | Admin | Manager | Pentester |
|---|---|---|---|---|
| Dashboard | View Statistics | ✅ | ✅ | ❌ |
| Assessments | View All (Platform-wide) | ✅ | ✅ | ❌ |
| Assessments | Create & Manage Own | ✅ | ✅ | ✅ |
| Assessments | Generate Reports | ✅ | ✅ | ✅ |
| Templates | View Library | ✅ | ✅ | ✅ |
| Templates | Create/Edit Templates | ✅ | ✅ | ❌ |
| Clients | View Client List | ✅ | ✅ | ✅ |
| Clients | Manage Clients | ✅ | ✅ | ❌ |
| Users | View Entire User List | ✅ | ✅ | ❌ |
| Users | Manage Users | ✅ | ✅ | ❌ |
| Report Designs | Manage Designs | ✅ | ✅ | ❌ |
| System | Full Configuration | ✅ | ❌ | ❌ |
Managing Roles
Administrators can customize access control via the Settings menu:
- Navigate to Users & Roles in the sidebar.
- Select the Roles tab.
- Create Role: Click to define a new role. You can:
- Name the role and provide a description.
- Select a "Parent Role" to inherit permissions from.
- Toggle specific permission categories or individual permissions.
- Edit Role: Click any existing role to adjust its privileges.
Changes to roles take effect immediately for all assigned users. Because a role inherits from its parent, editing a parent role also changes every role derived from it, so review the effective permission set before saving.
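The following is an added worked example, not Milou's own code, that models the two mechanisms described in this section: parent-role inheritance with per-role permission toggles, and the distinction in the permission matrix between "View All (Platform-wide)" and "Create & Manage Own", which requires an object-level ownership check rather than a role check alone. The permission identifiers, the parent chain Pentester → Manager → Admin, and the `Assessment`/`User` types are assumptions made for illustration; Milou's internal names and storage are not described on this page.

```python
from dataclasses import dataclass, field
from typing import Optional, Set

# Constructed permission identifiers named after the permission matrix above.
# These are illustrative and are not Milou's internal permission names.
DASHBOARD_VIEW = "dashboard.view_statistics"
ASSESS_VIEW_ALL = "assessments.view_all"
ASSESS_MANAGE_OWN = "assessments.manage_own"
ASSESS_REPORT = "assessments.generate_reports"
TEMPLATES_VIEW = "templates.view_library"
TEMPLATES_EDIT = "templates.create_edit"
CLIENTS_VIEW = "clients.view"
CLIENTS_MANAGE = "clients.manage"
USERS_VIEW = "users.view"
USERS_MANAGE = "users.manage"
DESIGNS_MANAGE = "report_designs.manage"
SYSTEM_CONFIG = "system.full_configuration"


@dataclass
class Role:
    name: str
    parent: Optional["Role"] = None
    granted: Set[str] = field(default_factory=set)  # permissions toggled on for this role
    revoked: Set[str] = field(default_factory=set)  # permissions toggled off, overriding the parent

    def permissions(self) -> Set[str]:
        """Effective permissions: the parent chain's permissions with this role's toggles applied.

        Computed on every call, so an edit to a parent role is visible immediately
        to every role and user that inherits from it.
        """
        inherited = self.parent.permissions() if self.parent else set()
        return (inherited | self.granted) - self.revoked


@dataclass
class Assessment:
    id: int
    owner: str  # username of the pentester who created it


@dataclass
class User:
    username: str
    role: Role


def can(user: User, permission: str) -> bool:
    """Plain role check for permissions that are not scoped to an object."""
    return permission in user.role.permissions()


def can_view_assessment(user: User, assessment: Assessment) -> bool:
    """Object-level check: 'View All' covers every assessment, 'Manage Own' only the caller's."""
    perms = user.role.permissions()
    if ASSESS_VIEW_ALL in perms:
        return True
    return ASSESS_MANAGE_OWN in perms and assessment.owner == user.username


def build_default_roles() -> dict:
    """Assumed model of the default roles as a parent chain matching the matrix above."""
    pentester = Role("Pentester", granted={
        ASSESS_MANAGE_OWN, ASSESS_REPORT, TEMPLATES_VIEW, CLIENTS_VIEW,
    })
    manager = Role("Manager", parent=pentester, granted={
        DASHBOARD_VIEW, ASSESS_VIEW_ALL, TEMPLATES_EDIT, CLIENTS_MANAGE,
        USERS_VIEW, USERS_MANAGE, DESIGNS_MANAGE,
    })
    admin = Role("Admin", parent=manager, granted={SYSTEM_CONFIG})
    return {"Admin": admin, "Manager": manager, "Pentester": pentester}


if __name__ == "__main__":
    roles = build_default_roles()
    alice = User("alice", roles["Pentester"])
    mia = User("mia", roles["Manager"])
    own = Assessment(1, owner="alice")       # constructed sample data
    other = Assessment(2, owner="bob")
    print("alice sees own:", can_view_assessment(alice, own))        # True
    print("alice sees bob's:", can_view_assessment(alice, other))    # False
    print("mia sees bob's:", can_view_assessment(mia, other))        # True
    # A custom role derived from Manager with one permission toggled off.
    restricted = Role("Restricted Manager", parent=roles["Manager"], revoked={USERS_MANAGE})
    print("restricted manages users:", can(User("ray", restricted), USERS_MANAGE))  # False
```

The point worth carrying into any real deployment is the second check: a user holding only "Create & Manage Own" must be compared against the assessment's owner on every request, since a role-level check alone would let any pentester read platform-wide assessments by guessing an identifier.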