Hi @msedlak - Thanks for your question! Without knowing more about your specific use case or configurations, in the case of manually managing Application Vulnerable Items (AVIs), certain roles can resolve or close AVIs using the available UI action buttons (in the Workspace and in the Classic UI) out of the box, and this will depend on the state of the AVI as well. See more in this product documentation: Application Vulnerable Item (AVI) states. This could be impacted by additional configurations you have set.

You will see in the following product documentation: Application Vulnerability Response user groups and roles that the Security Champion user group has roles to read and write AVIs assigned to them (sn_vul.app_read_assigned and sn_vul.app_write_assigned), while the App-Sec Manager user group can read and write all AVIs (sn_vul.app_read_all and sn_vul.app_write_all).

I hope these resources are helpful! Let me know if you have additional comments or questions.