Personal API Key Scopes
When creating a personal API key in the user settings, you can predefine access permissions for this key by selecting the relative scopes. The following table describes the permissions each scope provides.
Scope | Description |
---|---|
auth-objects:read | Allows viewing authentication objects |
auth-objects:test | Allows testing an authentication object during its configuration |
auth-objects:write | Allows creating, editing and deleting authentication objects |
bot | Enables communication between a Repeater and the Bright engine |
files:read | Allows reading files from the storage and verifying targets |
files:write | Allows managing files in the storage, for example, uploading or deleting them |
groups:delete | Allows deleting groups |
groups:manage | Allow managing groups, for example creating a new group or editing an existing group |
groups:read | Allows viewing information about groups that a user has been added to |
integration.repos:read | Allows viewing resources associated via integrations, for example, GitHub repositories, Slack channels, or Jira boards |
issues:manage | Allows managing detected issues, for example assigning a user to an issue, marking an issue as resolved, or retesting an issue |
issues:read | Allows viewing detected issues |
org:read | Allows viewing basic information about an organization. This scope is required for running a scan |
org:write | Allows editing basic information about an organization and managing its basic settings, for example, enforcing MFA |
org.memberships:manage | Allows managing organization members, for example adding a member to an organization, deleting a member from an organization, or viewing a member’s profile |
org.memberships:read | Allows viewing members of an organization |
projects:delete | Allows deleting projects |
projects:manage | Allows managing projects, for example creating a new project or editing an existing one |
projects:read | Allows displaying available projects. This scope is required for running a scan |
repeaters:read | Allows viewing organization’s repeaters |
repeaters:write | Allows creating, editing, deleting a repeater, as well as testing repeater connection to a network |
roles:read | Allows viewing a list of roles |
roles:write | Allows creating and editing custom roles. The default roles (for example, “Admin”, “Owner”, etc.) are read-only |
scans | Provides unrestricted access to scan management |
scans:delete | Allows deleting scans |
scans:manage | Allows managing scans, for example editing scan settings or retesting a scan |
scans:read | Allows viewing existing scans |
scans:run | Allows running scans |
scans:stop | Allows stopping scans |
scripts:read | Allows viewing repeater’s scripts |
scripts:write | Allows creating, editing, and deleting scripts |
user | Allows reading and editing user’s own personal details including consents, date settings, notifications. Required for API authorization. |
user:read | Allows viewing user’s own personal details |
user:write | Allows users to edit their own personal details, for example, change names, emails, and passwords |
Updated 8 months ago