Personal API Key Scopes

When creating a personal API key in the user settings, you can predefine the access permissions of that key by selecting the relevant scopes. The following table describes the permissions each scope provides. Select only the scopes the key actually needs: the bare `auth-objects` and `scans` scopes grant unrestricted access to their whole area, so prefer the fine-grained `:read`, `:run`, `:manage` and similar scopes for keys used in automation.

| Scope | Permissions |
| --- | --- |
| `auth-objects` | Provides unrestricted access to authentication object management |
| `auth-objects:read` | Allows viewing the basic configuration of authentication objects |
| `auth-objects:test` | Allows testing an authentication object during its configuration |
| `auth-objects:write` | Allows managing authentication objects that have been created by a user |
| `bot` | Enables communication between a Repeater and the Bright engine |
| `files:read` | Allows reading files from the storage and verifying targets |
| `files:write` | Allows managing files in the storage, for example uploading or deleting them |
| `groups:delete` | Allows deleting groups |
| `groups:manage` | Allows managing groups, for example creating a new group or editing an existing one |
| `groups:read` | Allows viewing information about the groups a user has been added to |
| `integration.repos:read` | Allows viewing associated repositories, for example GitHub repositories, Slack channels, or Jira boards |
| `issues:manage` | Allows managing detected issues, for example assigning a user to an issue, marking an issue as resolved, or retesting an issue |
| `issues:read` | Allows viewing detected issues |
| `org:read` | Allows viewing basic information about an organization |
| `org:write` | Allows editing basic information about an organization and managing its basic settings, for example enforcing MFA |
| `org.memberships:manage` | Allows managing organization members, for example adding a member to an organization, deleting a member from an organization, or viewing a member's profile |
| `org.memberships:read` | Allows viewing the members of an organization |
| `projects:delete` | Allows deleting projects |
| `projects:manage` | Allows managing projects, for example creating a new project or editing an existing one |
| `projects:read` | Allows displaying available projects. This scope is required for running a scan |
| `repeaters:read` | Allows viewing the organization's repeaters |
| `repeaters:write` | Allows creating, editing, and deleting a repeater, as well as testing the repeater's connection to a network |
| `roles:read` | Allows viewing the list of roles |
| `roles:write` | Allows creating and editing custom roles. The default roles (for example "Admin", "Owner") are read-only |
| `scans` | Provides unrestricted access to scan management |
| `scans:delete` | Allows deleting scans |
| `scans:manage` | Allows managing scans, for example editing scan settings or retesting a scan |
| `scans:read` | Allows viewing existing scans |
| `scans:run` | Allows running scans |
| `scans:stop` | Allows stopping scans |
| `scripts:read` | Allows viewing the Repeater's scripts |
| `scripts:write` | Allows creating, editing, and deleting scripts |
| `user` | Selected by default for all roles |
| `user:read` | Allows viewing the user's personal details |
| `user:write` | Allows users to edit their personal details, for example changing names, emails, and passwords |