Roles and permissions
Roles control who can view, assess, and administer your Forest workspace, so the right people own the right work.
Last updated June 1, 2026
Forest uses roles to control what each person can see and do. Matching roles to responsibilities keeps your assessment accurate and your workspace secure.
Why roles matter
A baseline is only as good as the people scoring it. You want domain owners assessing the capabilities they actually run, leaders reviewing the results, and a smaller group holding administrative control. Roles let you grant the right level of access without handing everyone the keys.
Common levels of access
Most workspaces organize access along three lines:
Administrative access. Manage the workspace, invite and remove people, set roles, and configure organization settings.
Contributor access. Complete and update assessments, score capabilities, and work within assigned domains.
View access. See scores, benchmarks, and roadmaps without changing the underlying data.
Choosing the right fit
Give people the least access they need to do their job. A CISO reviewing the Forest Score may only need to view results, while a domain owner needs contributor access to the capabilities they manage. Reserve administrative access for the few who manage the workspace itself.
Because Forest scoring is deterministic and traceable, you can see how an assessment changed. Clear roles keep that history meaningful by ensuring the right person made each change.
Review your roles before you start adding people. When you are ready, see Inviting your team.