Organization API Key Scopes

When creating an API key in the organization settings, you can predefine the key's access permissions by selecting the relevant scopes. The following table describes the permissions each scope provides.

| Scope | Description |
| --- | --- |
| bot | Enables communication between a Repeater and the Bright engine |
| entry-points:read | Allows viewing entry point details |
| files:read | Allows reading and downloading files from the storage |
| files:write | Allows associating files with projects, and cloning, uploading or deleting files |
| groups:admin | Provides unrestricted access to all organization groups |
| groups:delete | Allows deleting groups |
| groups:manage | Allows creating new groups, editing existing groups, adding members to groups, and assigning roles to groups |
| groups:read | Allows viewing information about all groups of the organization |
| integration.repos:read | Allows viewing associated GitHub or GitLab repositories, Slack channels, Azure or Jira boards |
| issues:manage | Allows executing and saving scan issues as new |
| issues:read | Allows viewing detected scan issues |
| org:read | Allows viewing basic information about an organization: organization name and quotas |
| org:write | Allows editing company name and enforcing MFA |
| org.memberships:manage | Allows adding a member to an organization, editing a member's details, and deleting a member from an organization |
| org.memberships:read | Allows viewing members of an organization |
| projects-issues:write | Allows users to manage project issues: to change severity, status, and assignee |
| projects:delete | Allows deleting projects |
| projects:manage | Allows creating a new project, editing the project name and the number of concurrent scans, adding associated GitHub or GitLab repositories, Slack channels, Azure or Jira boards, managing webhooks, and viewing project issues |
| projects:read | Allows viewing available projects and project issues. This scope is required for running a scan. |
| repeaters:read | Allows viewing the organization’s repeaters |
| repeaters:write | Allows creating, editing, and deleting a repeater, as well as testing a repeater's connection to a network |
| roles:read | Allows viewing a list of roles |
| roles:write | Allows creating, editing and deleting custom roles. The default roles (for example, “Admin”, “Owner”) are read-only |
| scan-labels:manage | Allows editing labels in scans that are already running or have finished |
| scans | Provides unrestricted access to scan management |
| scans:delete | Allows deleting scans |
| scans:manage | Allows editing scan settings |
| scans:read | Allows viewing existing scans |
| scans:run | Allows running and retesting scans |
| scans:stop | Allows stopping scans |
| scim | Enables user and group provisioning from ADFS and Okta to a Bright organization |
| scripts:read | Allows viewing a repeater’s scripts |
| scripts:write | Allows creating, editing and deleting a repeater’s scripts |
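
The scope list above can be checked for least privilege before a key is issued. The following is an added example, not part of the Bright documentation or tooling: a small Python lint that uses the scope names from the table. The function names, the sample keys, and the review policy (what is flagged, and treating an unrestricted scope as covering the granular ones) are assumptions of this example.

```python
# Added example: least-privilege lint for the scope list of one API key.
# Scope names come from the table above; the policy is this example's assumption.

# Scopes the table describes as "unrestricted", mapped to the granular prefix
# they are assumed to cover.
UNRESTRICTED = {"scans": "scans:", "groups:admin": "groups:"}
# The table states that projects:read is required for running a scan.
REQUIRES = {"scans:run": "projects:read"}
# Action suffixes that change state, as opposed to :read.
MUTATING = {"write", "manage", "delete", "admin", "run", "stop"}
# Integration scopes (Repeater, SCIM) assumed to belong on a dedicated key.
SINGLE_PURPOSE = {"bot", "scim"}


def lint_scopes(scopes):
    """Return a list of (level, message) findings for one key."""
    granted = set(scopes)
    findings = []
    for broad, prefix in UNRESTRICTED.items():
        if broad not in granted:
            continue
        findings.append(("warn", f"{broad}: unrestricted, prefer granular scopes"))
        for s in sorted(granted - {broad}):
            if s.startswith(prefix):
                findings.append(("info", f"{s}: redundant next to {broad}"))
    for scope, needed in REQUIRES.items():
        if scope in granted and needed not in granted:
            findings.append(("error", f"{scope}: needs {needed}"))
    for s in sorted(granted & SINGLE_PURPOSE):
        if len(granted) > 1:
            findings.append(("warn", f"{s}: integration scope mixed with others"))
    return findings


def mutating_scopes(scopes):
    """Scopes that can change state: the write surface if the key leaks."""
    return sorted(s for s in set(scopes)
                  if s in UNRESTRICTED or s.rpartition(":")[2] in MUTATING)


# Constructed sample keys for a CI job that only needs to start scans.
CI_KEY_BROAD = ["scans", "groups:admin", "groups:read", "scans:run"]
CI_KEY_TIGHT = ["scans:run", "scans:read", "projects:read"]

if __name__ == "__main__":
    for name, key in (("broad", CI_KEY_BROAD), ("tight", CI_KEY_TIGHT)):
        print(name, "mutating:", mutating_scopes(key))
        for level, msg in lint_scopes(key):
            print(f"  [{level}] {msg}")
```
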