Organization API Key Scopes

When creating an API key in the organization settings, you can predefine access permissions for this key by selecting the relative scopes. The following table describes the permissions each scope provides.

Scope Description
bot Enables communication between a Repeater and the Bright engine.
files:read Allows reading files from the storage and verifying targets.
files:write Allows managing files in the storage, for example uploading or deleting them.
groups:admin Provides unrestricted access to all organization groups, including the possibility to assign a role to a group and view all group members.
groups:delete Allows deleting groups.
groups:manage Allow managing groups, for example creating a new group or editing an existing group.
groups:read Allows viewing information about groups that a user has been added to.
integration.repos:read Allows viewing associated repositories, for example GitHub repositories , Slack channels, or Jira boards.
issues:manage Allows managing detected issues, for example assigning a user to an issue, marking an issue as resolved, or retesting an issue.
issues:read Allows viewing detected issues.
org:read Allows viewing basic information about an organization.
org:write Allows editing basic information about an organization and managing its basic settings, for example, enforcing MFA.
org.memberships:manage Allows managing organization members, for example adding a member to an organization, deleting a member from an organization, or viewing a member’s profile.
org.memberships:read Allows viewing members of an organization.
projects:delete Allows deleting projects.
projects:manage Allows managing projects, for example creating a new project or editing an existing one.
projects:read Allows displaying available projects. This scope is required for running a scan.
repeaters:read Allows viewing organization’s repeaters.
repeaters:write Allows creating, editing, deleting a repeater, as well as testing repeater connection to a network.
roles:read Allows viewing a list of roles.
roles:write Allows creating and editing custom roles. The default roles (for example, “Admin”, “Owner”, etc.) are read-only.
scans Provides unrestricted access to scan management.
scans:delete Allows deleting scans.
scans:manage Allows managing scans, for example editing scan settings or retesting a scan.
scans:read Allows viewing existing scans.
scans:run Allows running scans.
scans:stop Allows stopping scans.
scim Enables user and group provisioning from ADFS to a Bright organization.
scripts:read Allows viewing repeater’s scripts.
scripts:write Allows creating, editing and deleting scripts.

Did this page help you?