Role-based access control

Authorization is done using role-based access control (RBAC). Users can be assigned to roles dynamically, whereas the mapping from a role to a set of permissions (CRUD x API objects) can be static.

Organization roles

Organizations have owners and members:

  • Owners have complete administrative access to the organization.

  • Members are the default for everybody else. The role that members gain in a project within an organization is configurable by the owners.

Member permissions

The organization owner can configure which roles organization members have in all projects of the organization. Options are none, observer, developer, and administrator. Each member will have at least this role in all organization projects. It is still possible to give some users a more privileged role on a project level.

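| Organization action       | Member | Owner |
|---------------------------|--------|-------|
| List org members          |        | x     |
| Add member to org         |        | x     |
| Remove member from org    |        | x     |
| Delete Org                |        | x     |
| Manage member permissions |        | x     |
| View member permissions   |        | x     |
| View all org projects     | x      | x     |
| Add project to org        | x      | x     |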

Project roles

Projects have the following roles:

  • Observers have read-only access to a project.

  • Developers have read-write access to a project.

  • Administrators have full access to a project, including sensitive and destructive actions such as access rights or deleting things.

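| Project action    | Observer | Developer | Administrator |
|-------------------|----------|-----------|---------------|
| View findings     | x        | x         | x             |
| Download report   | x        | x         | x             |
| Start fuzzing     |          | x         | x             |
| Configure fuzzing |          | x         | x             |
| Configure project |          | x         | x             |
| Delete findings   |          |           | x             |
| Delete project    |          |           | x             |
| List members      |          |           | x             |
| Add members       |          |           | x             |
| Delete members    |          |           | x             |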
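
The rule under "Member permissions" (the organization-wide member role is a floor that a project-level role can only raise) combined with the project action table, as an added Python example that is not the product's own code. The function names, the user names and the encoding of the table as a minimum required role per action are assumptions made for illustration.

```python
from enum import IntEnum

class Role(IntEnum):
    # Ordered from least to most privileged, as listed under "Member permissions".
    NONE = 0
    OBSERVER = 1
    DEVELOPER = 2
    ADMINISTRATOR = 3

# Static role -> permission mapping: the lowest role allowed to perform each
# project action, transcribed from the project action table.
MIN_ROLE = {
    "view findings": Role.OBSERVER,
    "download report": Role.OBSERVER,
    "start fuzzing": Role.DEVELOPER,
    "configure fuzzing": Role.DEVELOPER,
    "configure project": Role.DEVELOPER,
    "delete findings": Role.ADMINISTRATOR,
    "delete project": Role.ADMINISTRATOR,
    "list members": Role.ADMINISTRATOR,
    "add members": Role.ADMINISTRATOR,
    "delete members": Role.ADMINISTRATOR,
}

def effective_role(org_default, project_grants, user):
    """The org-wide member role is a floor; a project-level grant can only raise it."""
    return max(org_default, project_grants.get(user, Role.NONE))

def is_allowed(org_default, project_grants, user, action):
    """Deny by default: an action missing from the table is never permitted."""
    required = MIN_ROLE.get(action)
    if required is None:
        return False
    return effective_role(org_default, project_grants, user) >= required

def grants_without_effect(org_default, project_grants):
    """Project-level grants below the org default, which do not restrict the user."""
    return {u: r for u, r in project_grants.items() if r < org_default}

# Constructed sample data: org default is "developer", plus two project-level grants.
ORG_DEFAULT = Role.DEVELOPER
GRANTS = {"alice": Role.ADMINISTRATOR, "bob": Role.OBSERVER}

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        role = effective_role(ORG_DEFAULT, GRANTS, user)
        print(user, role.name, is_allowed(ORG_DEFAULT, GRANTS, user, "delete findings"))
    print("grants with no effect:", grants_without_effect(ORG_DEFAULT, GRANTS))
```

In the sample data, bob's project-level observer grant does not make him read-only, because the organization default already gives every member the developer role.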