Managing Custom Roles

Creating a custom role

You can create a custom role with specific access scopes and assign it to a new or an existing user (member) of your organization. This way, different users can be granted different scanning and management permissions.

Initially, the list of roles includes only the default options. View the Description column to check the access permissions provided by each role.

📘

Note

Only the Admin and Owner default roles allow creating and managing custom roles. A Team Lead can only view the custom roles created by an Admin or an Owner.

To create a custom role with specific permissions, follow these steps:

  1. In the upper-right corner of the ROLES section, click + Create Role.

  2. In the Create Role dialog box, do the following:

     a. In the Name field, enter a role name.
     b. (Optional) In the Description field, enter a short description of the permissions granted to a user assigned to this role.
     c. Select the access scopes for the role. You can find more information here.
        The list of scopes available for selection depends on your role. You cannot select scopes that you do not have access to (such scopes are grayed out).
     d. Click Create.

The created role is added to the end of the list. To view recently created custom roles, switch to another page of the list or increase the number of items shown per page.

Selecting custom user scopes

The Bright app allows you to create custom roles with specific access permissions. When creating a custom role to be assigned to a new or an existing user, you can predefine the access permissions for this role by selecting the relevant scopes. The following table describes the permissions each scope provides.

Scope | Guest | User | Billing Manager | Team Leader | Admin
activities+++++
api-keys+++++
auth-objects+++
auth-objects:read++++
auth-objects:test+++
auth-objects:write+++
auth-providers
billing+
comments+++
comments:read++++
comments:write+++
entry-points:read++++
files:read++++
files:write+++
groups:admin
groups:manage++
groups:read+++++
groups:delete
integrations:read
integrations:write
integration.repos:read++++
integration.repos:manage++
issues:manage+++
issues:read++++
logs++++
org
org:read++++
org:write
org.api-keys
org.memberships:manage++
org.memberships:read+++++
payments
payment-methods+++
plans+
products+
projects:admin
projects:delete
projects-issues:write++
projects:manage++
projects:read+++++
project.api-keys++
repeaters:read++++
repeaters:write+++
reports:read++++
reports:write
roles:read++
roles:write
scans+++
scans:delete+++
scans:manage+++
scans:read++++
scans:run+++
scans:stop+++
scans-templates+++
scans-templates:read++++
scans-templates:write+++
scan-labels:manage++
scripts:read++++
scripts:write++
subscriptions+
user+++++
user:read+++++
user:write+++++
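
A least-privilege review of a draft custom role against the table above, as an added example that is not part of the Bright documentation. It reads only the number of "+" marks per scope as they appear on this page; the function names, the `max_holders` threshold and the `PROPOSED` scope list are assumptions made for illustration.

```python
import re

# Rows copied from the scope table on this page (a subset), still in flattened
# form: scope name followed by one "+" per listed default role that holds it.
# The column each "+" belongs to is not recoverable, so only the count is used.
TABLE_ROWS = """
activities+++++ api-keys+++++ billing+ groups:admin groups:manage++
groups:read+++++ issues:manage+++ issues:read++++ org:read++++ org:write
org.memberships:manage++ projects:admin projects:delete projects:manage++
projects:read+++++ roles:read++ roles:write scans:read++++ scans:run+++
scans:stop+++ scans:delete+++ reports:read++++ reports:write user:read+++++
""".split()

ROW_RE = re.compile(r"^([a-z][a-z.:-]*)(\+*)$")


def parse_rows(rows):
    """Map each scope name to the number of listed default roles holding it."""
    holders = {}
    for row in rows:
        match = ROW_RE.match(row)
        if match is None:
            raise ValueError(f"unparseable table row: {row!r}")
        holders[match.group(1)] = len(match.group(2))
    return holders


def audit_role(scopes, holders, max_holders=2):
    """Sort a proposed role's scopes into unknown / review / ok buckets.

    max_holders is an assumed review threshold, not a Bright setting: a scope
    held by that many listed default roles or fewer is flagged for review.
    """
    report = {"unknown": [], "review": [], "ok": []}
    for scope in sorted(set(scopes)):
        if scope not in holders:
            report["unknown"].append(scope)  # typo, or outside the subset above
        elif holders[scope] <= max_holders:
            report["review"].append(scope)   # rare among default roles
        else:
            report["ok"].append(scope)
    return report


# Constructed sample: a "scan operator" role draft with one misspelled scope.
PROPOSED = ["scans:read", "scans:run", "issues:read",
            "projects:delete", "roles:write", "scan:stop"]

if __name__ == "__main__":
    for bucket, names in audit_role(PROPOSED, parse_rows(TABLE_ROWS)).items():
        print(f"{bucket:8} {', '.join(names) or '-'}")
```

Scopes in the review bucket are those the table shows for few or none of the listed default roles, so a custom role that includes them warrants a second look before it is assigned.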

Editing a custom role

You can edit a custom role, for example, change the description and access scopes.

📘

Note

The default roles are read-only; you cannot edit or delete them.

To edit a custom role, do the following:

  1. Click next to the role you want to edit, and then select Edit.

  2. In the Edit Role dialog box, make changes to the role and click Save.

Deleting a custom role

To delete a custom role, do the following:

  1. In the ROLES list, click next to the role you want to delete.
  2. From the dropdown list, select Delete.

🚧

The users assigned to the role that you have deleted automatically lose their permissions and become Guests.