Role Management Scopes
When creating a custom role to be assigned to a new or an existing user, you can predefine access permissions for this role by selecting the relative scopes. The following table describes the permissions each scope provides.
Scope | Description |
---|---|
activities | Allows viewing notifications and managing the notification feed |
api-keys | Allows creating personal API keys |
auth-objects | Provides unrestricted access to authentication objects management |
auth-objects:read | Allows viewing authentication objects |
auth-objects:test | Allows testing an authentication object during its configuration |
auth-objects:write | Allows creating, editing and deleting authentication objects |
auth-providers | Allows configuring SSO providers (okta, Google, ADFS) |
billing | Allows viewing billing summary |
comments | Allows viewing and managing comments in scans and issues that a user has access to |
comments:read | Allows viewing comments in scans and issues that a user has access to |
comments:write | Allows managing (editing, deleting) comments in scans and issues that a user has access to |
entry-points:read | Allows viewing entry points |
files:read | Allows reading and download files from the storage |
files:write | Allows to associate files with projects, clone files, upload or delete them |
groups:admin | Provides unrestricted access to all organization groups |
groups:manage | Allows creating new groups, editing existing groups, adding members to groups, assigning roles to groups |
groups:read | Allows viewing information about groups that a user has been added to |
groups:delete | Allows deleting groups |
integrations:read | Allows viewing a list of available and enabled integrations |
integrations:write | Allows enabling integrations with services like GitHub, Gitlab, Slack, Jira or Azure |
integration.repos:read | Allows viewing resources of the integrated services, for example, GitHub repositories, Slack channels, or Jira boards |
integration.repos:manage | Allows choosing the severity level of issues to be opened in integrated services |
issues:manage | Allows execution and saving scan issues as new |
issues:read | Allows viewing detected scan issues |
logs | Allows viewing the activities log |
org | Provides unrestricted access to organization management, including permission to delete the organization |
org:read | Allows viewing basic information about an organization. This scope is required for running a scan |
org:write | Allows editing company name and enforcing MFA |
org.api-keys | Allows creating organization API keys (tokens) |
org.memberships:manage | Allows adding a member to an organization, editing member's details and deleting a member from an organization |
org.memberships:read | Allows viewing members of an organization |
payments | Allows managing user’s payments |
payment-methods | Allows managing payment methods |
plans | Allows viewing information about payment plans |
products | Allows viewing information about available products |
projects:admin | Provides unrestricted access to project management |
projects:delete | Allows deleting projects |
projects-issues:write | Allows users to manage project issues: to change severity, status, and assignee |
projects:manage | Allows managing projects, for example creating a new project or editing an existing one |
projects:read | Allows displaying available projects. This scope is required for running a scan |
project.api-keys | Allows creating project-level API keys |
repeaters:read | Allows viewing organization’s repeaters |
repeaters:write | Allows creating, editing, and deleting a repeater, as well as testing repeater connection to a network |
reports:read | Allows viewing scan reports |
reports:write | Allows managing configuration of PDF reports |
roles:read | Allows viewing a list of roles |
roles:write | Allows creating, editing and deleting custom roles. The default roles (for example, “Admin”, “Owner”, etc.) are read-only |
scans | Provides unrestricted access to scan management |
scans:delete | Allows deleting scans |
scans:manage | Allows editing scan settings |
scans:read | Allows viewing existing scans |
scans:run | Allows running and retesting scans |
scans:stop | Allows stopping scans |
scans-templates | Provides unrestricted access to scan templates management |
scans-templates:read | Allows viewing existing scan templates |
scans-templates:write | Allows creating, editing, and deleting custom scan templates |
scan-labels:manage | Allows editing labels in scans that are already running or have been finished |
scripts:read | Allows viewing repeater’s scripts |
scripts:write | Allows creating, editing, and deleting scripts |
subscriptions | Allows managing plan subscriptions for an organization |
user | Allows reading and editing user’s own personal details including consents, date settings, notifications |
user:read | Allows viewing user’s personal details |
user:write | Allows users to edit their personal details, for example, change names, emails, and passwords |
Updated about 2 years ago