Organization API Key Scopes

When creating an API key in the organization settings, you can predefine access permissions for this key by selecting the relative scopes. The following table describes the permissions each scope provides.

ScopeDescription
botEnables communication between a Repeater and the Bright engine
files:readAllows reading files from the storage and verifying targets
files:writeAllows managing files in the storage, for example, uploading or deleting them
groups:adminProvides unrestricted access to all organization groups, including the possibility to assign a role to a group and view all group members.
groups:deleteAllows deleting groups
groups:manageAllow managing groups, for example creating a new group or editing an existing group
groups:readAllows viewing information about groups that a user has been added to
integration.repos:readAllows viewing associated repositories, for example, GitHub repositories, Slack channels, or Jira boards
issues:manageAllows managing detected issues, for example assigning a user to an issue, marking an issue as resolved, or retesting an issue
issues:readAllows viewing detected issues
org:readAllows viewing basic information about an organization
org:writeAllows editing basic information about an organization and managing its basic settings, for example, enforcing MFA.
org.memberships:manageAllows managing organization members, for example adding a member to an organization, deleting a member from an organization, or viewing a member’s profile
org.memberships:readAllows viewing members of an organization
projects:deleteAllows deleting projects
projects:manageAllows managing projects, for example creating a new project or editing an existing one
projects:readAllows viewing members of an organization
projects:deleteAllows deleting projects
projects:manageAllows managing projects, for example creating a new project or editing an existing one
projects:readAllows displaying available projects. This scope is required for running a scan
repeaters:readAllows viewing organization’s repeaters
repeaters:writeAllows creating, editing, and deleting a repeater, as well as testing repeater connection to a network
roles:readAllows viewing a list of roles
roles:writeAllows creating and editing custom roles. The default roles (for example, “Admin”, “Owner”, etc.) are read-only
scansProvides unrestricted access to scan management
scans:deleteAllows deleting scans
scans:manageAllows managing scans, for example editing scan settings or retesting a scan
scans:readAllows viewing existing scans
scans:runAllows running scans
scans:stopAllows stopping scans
scimEnables user and group provisioning from ADFS to a Bright organization
scripts:readAllows viewing repeater’s scripts
scripts:writeAllows creating, editing, and deleting scripts