Personal API Key Scopes
When creating a personal API key in the user settings, you can predefine access permissions for this key by selecting the relative scopes. The following table describes the permissions each scope provides.
Scope | Description |
---|---|
auth-objects:read | Allows viewing authentication objects |
auth-objects:test | Allows testing an authentication object during its configuration |
auth-objects:write | Allows creating, editing, and deleting authentication objects |
bot | Enables communication between a Repeater and the Bright engine |
comments | Allows viewing and managing comments in scans and issues |
comments:read | Allows viewing comments in scans and issues |
comments:write | Allows editing and deleting comments in scans and issues |
discoveries | Provides unrestricted access to discoveries |
discoveries:delete | Allows deleting discoveries |
discoveries:manage | Allows editing discoveries |
discoveries:read | Allows viewing existing discoveries |
discoveries:run | Allows running discoveries |
discoveries:stop | Allows stopping discoveries |
entry-points | Provides unrestricted access to entry points |
entry-points:manage | Allows creating, editing, deleting, testing and previewing changes made to entrypoints |
entry-points:read | Allows viewing entry points |
files:read | Allows reading and downloading files from the storage |
files:write | Allows to associate files with projects, clone files, upload or delete them |
groups:delete | Allows deleting groups |
groups:manage | Allows creating new groups, editing existing groups, adding members to groups, assigning roles to groups |
groups:read | Allows viewing groups |
integration.repos:read | Allows viewing resources of the integrated services, for example, GitHub repositories, Slack channels, or Jira boards |
issues:manage | Allows execution and saving scan issues as new |
issues:read | Allows viewing detected scan issues |
logs | Allows viewing the personal activities log |
org:read | Allows viewing basic information about an organization: organization name and quotas. This scope is required for running and managing scans |
org:write | Allows editing company name and enforcing MFA |
org.logs | Allows viewing the organization's activities log |
org.memberships:manage | Allows adding a member to an organization, editing member's details, and deleting a member from an organization |
org.memberships:read | Allows viewing members of an organization |
projects-issues:write | Allows users to manage project issues: to change severity, status, and assignee |
projects:create | Allows to create projects |
projects:delete | Allows deleting projects |
projects:edit | Allows editing project name, number of concurrent scans, adding associated GitHub or Gitlab repositories, Slack channels, Azure or Jira boards, managing webhooks |
projects:read | Allows viewing of available projects and project issues. This scope is required for running a scan |
repeaters:read | Allows viewing organization’s repeaters |
repeaters:write | Allows creating, editing, and deleting a repeater, as well as testing repeater connection to a network |
roles:read | Allows viewing a list of roles |
roles:write | Allows creating, editing, and deleting custom roles. The default roles (for example, “Admin”, “Owner”, etc.) are read-only |
scan-labels:manage | Allows editing labels in scans that are already running or have been finished |
scans | Provides unrestricted access to scan management. org:read scope is also required to run and manage scans |
scans:delete | Allows deleting scans |
scans:manage | Allows editing scan settings |
scans:read | Allows viewing existing scans |
scans:run | Allows running and retesting scans |
scans:stop | Allows stopping scans |
scans-templates | Provides unrestricted access to scan templates management |
scans-templates:read | Allows viewing existing scan templates |
scans-templates:write | Allows creating, editing, and deleting custom scan templates |
scripts:read | Allows viewing repeater’s scripts |
scripts:write | Allows creating, editing, and deleting repeater’s scripts |
user | Allows reading and editing user’s own personal details including consents, date settings, and notifications. Required for API authorization |
user:read | Allows viewing user’s own personal details |
user:write | Allows users to edit their own personal details, for example, change names, emails, and passwords |
Updated 3 days ago