Managing Access Scopes

api-keys

✅

Allows creating personal API keys

auth-objects

✅

Provides unrestricted access to authentication objects management

auth-objects:read

✅

✅

✅

Allows viewing authentication objects

auth-objects:test

✅

✅

✅

Allows testing an authentication object during its configuration

auth-objects:write

✅

✅

✅

Allows creating, editing, and deleting authentication objects

auth-providers

✅

Allows configuring SSO providers (okta, Google, ADFS)

bot

✅

✅

✅

Enables communication between a Repeater and the Bright engine

comments

✅

✅

Allows viewing and managing comments in scans and issues

comments:read

✅

✅

Allows viewing comments in scans and issues

comments:write

✅

✅

Allows editing and deleting comments in scans and issues

discoveries

✅

✅

✅

✅

Provides unrestricted access to discoveries

discoveries:delete

✅

✅

✅

Allows deleting discoveries

discoveries:manage

✅

✅

✅

Allows editing discoveries

discoveries:read

✅

✅

✅

✅

Allows viewing existing discoveries

discoveries:run

✅

✅

✅

Allows running discoveries

discoveries:stop

✅

✅

✅

Allows stopping discoveries

entry-points

✅

✅

✅

✅

Provides unrestricted access to entry points

entry-points:manage

✅

✅

✅

✅

Allows creating, editing, deleting, testing and previewing changes made to entrypoints

entry-points:read

✅

✅

✅

✅

Allows viewing entry points

field:set-clear-text

✅

Allows setting fields as clear test

field:set-masked

✅

Allows setting fields as masked

field:unmask

✅

Allows unmasking sensitive fields

files:read

✅

✅

✅

✅

Allows reading and downloading files from the storage

files:write

✅

✅

✅

✅

Allows to associate files with projects, clone files, upload or delete them

groups:admin

✅

✅

Provides unrestricted access to all organization groups

groups:delete

✅

✅

✅

Allows deleting groups

groups:manage

✅

✅

✅

Allows creating new groups, editing existing groups, adding members to groups, assigning roles to groups

groups:read

✅

✅

✅

Allows viewing groups

integration.repos:manage

✅

Allows choosing the severity level of issues to be opened in integrated services

integration.repos:read

✅

✅

✅

✅

Allows viewing resources of the integrated services, for example, GitHub repositories, Slack channels, or Jira boards

integrations:read

✅

Allows viewing a list of available and enabled integrations

integrations:write

✅

Allows enabling integrations with services like GitHub, Gitlab, Slack, Jira, or Azure

issues:manage

✅

✅

✅

✅

Allows execution and saving scan issues as new

issues:read

✅

✅

✅

✅

Allows viewing detected scan issues

logs

✅

✅

Allows viewing the personal activities log

org

✅

Provides unrestricted access to organization management

org:read

✅

✅

✅

Allows viewing basic information about an organization: organization name and quotas. This scope is required for running and managing scans

org:write

✅

✅

✅

Allows editing company name and enforcing MFA

org.api-keys

✅

Allows creating organization API keys (tokens)

org.logs

✅

✅

✅

Allows viewing the organization's activities log

org.memberships:manage

✅

✅

✅

Allows adding a member to an organization, editing member's details, and deleting a member from an organization

org.memberships:read

✅

✅

✅

Allows viewing members of an organization

org.scans-templates

✅

✅

Allows unrestricted access to all scan templates

projects-issues:write

✅

✅

✅

✅

Allows users to manage project issues: to change severity, status, and assignee

project.api-keys

✅

Allows creating project-level API keys

projects:admin

✅

Provides unrestricted access to project management

projects:create

✅

✅

✅

Allows to create projects

projects:delete

✅

✅

✅

Allows deleting projects

projects:edit

✅

✅

✅

✅

Allows editing project name, number of concurrent scans, adding associated GitHub or Gitlab repositories, Slack channels, Azure or Jira boards, managing webhooks

projects:read

✅

✅

✅

✅

Allows viewing of available projects and project issues. This scope is required for running a scan

repeaters:read

✅

✅

✅

✅

Allows viewing organization’s repeaters

repeaters:write

✅

✅

✅

✅

Allows creating, editing, and deleting a repeater, as well as testing repeater connection to a network

reports:read

✅

Allows viewing scan reports

reports:write

✅

Allows managing configuration of PDF reports

roles:read

✅

✅

✅

Allows viewing a list of roles

roles:write

✅

✅

✅

Allows creating, editing, and deleting custom roles. The default roles (for example, “Admin”, “Owner”, etc.) are read-only

scan-labels:manage

✅

✅

✅

✅

Allows editing labels in scans that are already running or have been finished

scans

✅

✅

✅

✅

Provides unrestricted access to scan management. org:read scope is also required to run and manage scans

scans:delete

✅

✅

✅

✅

Allows deleting scans

scans:manage

✅

✅

✅

✅

Allows editing scan settings

scans:read

✅

✅

✅

✅

Allows viewing existing scans

scans:run

✅

✅

✅

✅

Allows running and retesting scans

scans:stop

✅

✅

✅

✅

Allows stopping scans

scans-templates

✅

✅

✅

Provides unrestricted access to scan templates management

scans-templates:read

✅

✅

✅

Allows viewing existing scan templates

scans-templates:write

✅

✅

✅

Allows creating, editing, and deleting custom scan templates

scim

✅

Enables user and group provisioning from ADFS and Okta to a Bright organization

scripts:read

✅

✅

✅

✅

Allows viewing repeater’s scripts

scripts:write

✅

✅

✅

✅

Allows creating, editing, and deleting repeater’s scripts

user

✅

✅

Allows reading and editing user’s own personal details including consents, date settings, and notifications. Required for API authorization

user:read

✅

✅

Allows viewing user’s own personal details

user:write

✅

✅

Allows users to edit their own personal details, for example, change names, emails, and passwords