Organization API Key Scopes
When creating an API key in the organization settings, you can predefine access permissions for this key by selecting the relative scopes. The following table describes the permissions each scope provides.
| Scope | Description |
|---|---|
bot | Enables communication between a Repeater and the Bright engine |
entry-points:read | Allows viewing entry point's details |
files:read | Allows reading and download files from the storage |
files:write | Allows to associate files with projects, clone files, upload or delete them |
groups:admin | Provides unrestricted access to all organization groups |
groups:delete | Allows deleting groups |
groups:manage | Allows creating new groups, editing existing groups, adding members to groups, assigning roles to groups |
groups:read | Allows viewing information about all groups of the organization |
integration.repos:read | Allows viewing associated GitHub or Gitlab repositories, Slack channels, Azure or Jira boards |
issues:manage | Allows execution and saving scan issues as new |
issues:read | Allows viewing detected scan issues |
org:read | Allows viewing basic information about an organization: organization name and quotas |
org:write | Allows editing company name and enforcing MFA |
org.memberships:manage | Allows adding a member to an organization, editing member's details and deleting a member from an organization |
org.memberships:read | Allows viewing members of an organization |
projects-issues:write | Allows users to manage project issues: to change severity, status, and assignee |
projects:delete | Allows deleting projects |
projects:manage | Allows creating a new project, editing project name, number of concurrent scans, adding associated GitHub or Gitlab repositories, Slack channels, Azure or Jira boards, manage webhooks, view project issues |
projects:read | Allows viewing available projects and project issues. This scope is required for running a scan. |
repeaters:read | Allows viewing organization’s repeaters |
repeaters:write | Allows creating, editing, and deleting a repeater, as well as testing repeater connection to a network |
roles:read | Allows viewing a list of roles |
roles:write | Allows creating, editing and deleting custom roles. The default roles (for example, “Admin”, “Owner”, etc.) are read-only |
scan-labels:manage | Allows editing labels in scans that are already running or have been finished |
scans | Provides unrestricted access to scan management |
scans:delete | Allows deleting scans |
scans:manage | Allows editing scan settings |
scans:read | Allows viewing existing scans |
scans:run | Allows running and retesting scans |
scans:stop | Allows stopping scans |
scim | Enables user and group provisioning from ADFS and Okta to a Bright organization |
scripts:read | Allows viewing repeater’s scripts |
scripts:write | Allows creating, editing and deleting repeater’s scripts |
Updated 8 months ago