Managing Custom Roles
Creating a custom role
You can create a custom role with specific access scopes and assign it to a new or an existing user (member) of your organization. Therefore, all the created users can be granted different scanning and management permissions.
Initially, the list of roles includes only the default options. View the Description column to check the access permissions provided by each role.
Note
Only the Admin and Owner default roles allow creating and managing custom roles. A Team Lead can only view the custom roles created by an Admin or an Owner
To create a custom role with specific permissions, follow these steps:
- In the upper-right corner of the ROLES section, click + Create Role.
- In the Create Role dialog box, do the following:
a. In the Name field, enter a role name.
b. (Optional). In the Description field, enter a short description of the permissions that a user assigned to this role will be granted.
c. Select the access scopes for the role. You can find more information here.
The list of scopes available for selection depends on your role. You cannot select the roles you do not have access to (such scopes are grayed out).
d. Click Create.
The created role is added to the end of the list. Please switch to another list page or set an extended number of items to be shown on a page to view the recent custom roles.
Selecting a custom user scopes
The Bright app allows you to create custom roles with specific access permissions. When creating a custom role to be assigned to a new or an existing user, you can predefine access permissions for this role by selecting the relative scopes. The following table describes the permissions each scope provides.
| Scope | Guest | User | Billing Manager | Team Leader | Admin |
|---|---|---|---|---|---|
activities | + | + | + | + | + |
api-keys | + | + | + | + | + |
auth-objects | + | + | + | ||
auth-objects:read | + | + | + | + | |
auth-objects:test | + | + | + | ||
auth-objects:write | + | + | + | ||
auth-providers | |||||
billing | + | ||||
comments | + | + | + | ||
comments:read | + | + | + | + | |
comments:write | + | + | + | ||
entry-points:read | + | + | + | + | |
files:read | + | + | + | + | |
files:write | + | + | + | ||
groups:admin | |||||
groups:manage | + | + | |||
groups:read | + | + | + | + | + |
groups:delete | |||||
integrations:read | |||||
integrations:write | |||||
integration.repos:read | + | + | + | + | |
integration.repos:manage | + | + | |||
issues:manage | + | + | + | ||
issues:read | + | + | + | + | |
logs | + | + | + | + | |
org | |||||
org:read | + | + | + | + | |
org:write | |||||
org.api-keys | |||||
org.memberships:manage | + | + | |||
org.memberships:read | + | + | + | + | + |
payments | |||||
payment-methods | + | + | + | ||
plans | + | ||||
products | + | ||||
projects:admin | |||||
projects:delete | |||||
projects-issues:write | + | + | |||
projects:manage | + | + | |||
projects:read | + | + | + | + | + |
project.api-keys | + | + | |||
repeaters:read | + | + | + | + | |
repeaters:write | + | + | + | ||
reports:read | + | + | + | + | |
reports:write | |||||
roles:read | + | + | |||
roles:write | |||||
scans | + | + | + | ||
scans:delete | + | + | + | ||
scans:manage | + | + | + | ||
scans:read | + | + | + | + | |
scans:run | + | + | + | ||
scans:stop | + | + | + | ||
scans-templates | + | + | + | ||
scans-templates:read | + | + | + | + | |
scans-templates:write | + | + | + | ||
scan-labels:manage | + | + | |||
scripts:read | + | + | + | + | |
scripts:write | + | + | |||
subscriptions | + | ||||
user | + | + | + | + | + |
user:read | + | + | + | + | + |
user:write | + | + | + | + | + |
Editing a custom role
You can edit a custom role, for example, change the description and access scopes.
Note
The default roles are read-only, you cannot edit or delete them.
To edit a custom role, do the following:
- Click
next to the role you want to edit, and then select Edit.
- In the Edit Role dialog box, make changes to the role and click Save.
Deleting a custom role
To delete a custom role, do the following:
- In the ROLES list, click next to the role you want to delete.
- From the dropdown list, select Delete.
The users assigned to the role that you have deleted automatically lose their permissions and become Guests.
Updated over 1 year ago