This article explains how to share findings in the Cye Exposure Management Platform so others can view, comment on, and collaborate on them — and who is allowed to manage that access.
Overview
When a finding is created, it is visible only to its creator. To let others work on it, you share it explicitly — with selected individuals or more broadly with users who have engagement-level access.
Default visibility of a new finding
New findings are created in Draft status.
They are shared only with the creator, who is automatically added to the Restricted members list.
No other users — including admins or engagement members — can see the finding until they are added through sharing.
Sharing modes
A finding can be shared in one of two modes:
Restricted members — only the users you add can view or work on the finding. Admins, engagement-level users, and CYE service team members have no access unless they are explicitly added.
Anyone with permission — the finding is visible to all members of the associated engagement and any users invited through sharing. This mode supports only Viewer and Editor access — no group sharing or admin privileges.
You can switch between the two modes at any time, and a user in Anyone with permission can also be added to the Restricted members list — giving them access through both.
Role-based permissions
When you share a finding, you grant each person a finding-level role that controls what they can do with that specific finding:
Role | Can do… |
Admin | Full control over the finding — editing, sharing, and deleting |
Editor | Rename the finding, add remediation assets, import from CSV, share with others, comment, and create Jira tickets (if Jira is integrated) |
Viewer | View the finding and add comments from the right pane |
In the main menu, Editors may not see the Add comment option but can still create Jira tickets if Jira is integrated.
Who can share or change permissions
Whether you can share a finding or change its sharing at all depends on your platform role (set across the organization or engagement) — not the finding-level role above. Administrator here is a platform-wide role, distinct from the finding-level Admin in the table above. To manage sharing, the finding must be shared either as Anyone with permission, or as Restricted members with the user assigned as an Administrator or Editor. Beyond that:
User type | Conditions | What they can do |
Editor (company- or engagement-level) | Shared as Editor in Restricted members mode, or part of Anyone with permission | Share the finding and change its permission mode |
Power User | Editor role with company- or engagement-level access | Share findings and change permission mode |
Administrator (company or engagement level) | No additional roles required | Share findings individually or in bulk, and update permission modes across multiple findings |
At the engagement level, Editors with Finding & Graph Initiator permissions can also share a finding.
A user granted Editor or Administrator access through sharing can re-share the finding, change its permission mode, and assign others as Viewers or Editors.
For full definitions of every platform and finding-level role, see Roles and Permissions in the Cye Exposure Management Platform.
Change a member's permission level
You can update a member's role at any time:
Open the Share with members window.
Use the dropdown next to the member's name to change their role (for example, Viewer → Editor).
To remove a member instead, see Managing Share Access.
Share with pending users
You can share findings with users who have been invited to the platform but haven't activated their account yet — once they log in, they automatically gain access to anything shared with them. Sharing is not available at the group level; add members individually.
Sharing behaviors to know
Status doesn't affect sharing — you can share a finding in any status (Draft, Open, Fixed).
Visibility is permission-based — if you don't have access to a finding, its data won't appear in dashboards, reports, or the Org. Attack Graph.
Every share action is audited — see Finding Audit & History Visibility.
Share count — in the finding's right pane, the number next to the Share icon shows how many members currently have access.
When you change a finding's status from Draft to Open, the platform reminds you to set share-level permissions so the right people can access it.
Wrap-up / Next Steps
Choose a sharing mode and assign roles based on who needs to view, edit, or manage the finding.
Share a finding once you move it past Draft.
To remove access, see Managing Share Access; to review sharing history, see Finding Audit & History Visibility.