LogoLogo
WebsitePricingBlog
  • Debricked Documentation
  • Overview
    • Getting started
      • Create a OpenText Core SCA account
      • Running OpenText Core SCA
    • Help
      • Frequently asked questions (FAQ)
      • Upgrade your account
      • Get help in OpenText Core SCA tool
    • Language support
      • C# - Nuget, Paket
      • CycloneDX SBOM
      • Go - Go Modules, Go Dep, Bazel
      • Java & Kotlin - Gradle, Maven, Bazel
      • JavaScript - NPM, Yarn, Bower
      • Objective-C - CocoaPods
      • PHP - Composer
      • Python - Pip, Pipenv
      • Ruby - RubyGems
      • Rust - Cargo
      • Swift - CocoaPods
      • Linux package managers
      • Scala - SBT
    • Security overview
  • Product
    • Vulnerability management
      • Security terms
      • Data sources
      • See your data
      • Pull Requests (PR)
        • Enable Pull Request support
        • Solve vulnerabilities using Pull Requests (PR)
        • Solve vulnerabilities using Pull Requests (PR) via API
      • Set a review status
        • Snooze or pause a review status
      • Reachability Analysis
        • Set up Reachability Analysis for Java
        • Set up Reachability Analysis for Go
      • Solve vulnerabilities manually with root fixes
    • License risk management
      • Licence families
      • License risks
      • Set up a use case
        • Set up a use case using API
      • Proxy non-standard license identifiers
    • Project health
      • Contributors
      • Popularity
      • Security
    • Open source select
      • Search projects
      • Compare projects
      • View more details
      • Start left policies
      • OpenText Core SCA Select Browser Extension
      • End of Life (EOL)
    • Automation
      • Create an automation rule
      • Edit an automation rule
      • Default automation rules
      • Set up webhooks
      • Policies
      • Monitoring
    • Exporting or SBOM
      • Overview
      • License export
      • Vulnerability export
      • SBOM export
        • CycloneDX SBOM export
        • SPDX SBOM export
    • Administration
      • Generate access token
      • Account
        • Change your password
        • Delete your account
        • Delete company account
      • Billing
        • Manage contributing developers
        • Manage billing frequency
        • Manage payment methods
        • Access invoices
        • Manage your subscription
      • Settings
        • Enable and disable snoozing vulnerabilities
        • Supported language for Debricked tool
        • View logged events
        • Two-Factor Authentication (2FA)
      • Users
        • User roles (freemium and premium)
        • Role-Based Access Control (Enterprise)
        • Manage users
          • Add a new user
      • Repositories
        • Default Branch
        • Repository groups
        • Manually upload a dependency file
        • Manage your commits
  • Tools & Integrations
    • Command Line Interface (CLI)
      • Debricked CLI
        • High performance scans
        • File fingerprinting
      • Legacy CLI
    • CI/CD integrations
      • GitHub
      • CircleCI
      • BuildKite
      • GitLab
      • Bitbucket
      • Azure DevOps
      • Argo workflows
      • Travis CI
      • Jenkins
      • Bamboo
      • TeamCity
    • Fortify on Demand (FoD)
    • Fortify Software Security Center (SSC)
    • Debricked APIs
      • Open source select API
    • Integrated Development Environments (IDEs)
    • Single Sign-On (SSO)
      • Single Sign-On (SSO) through Okta
      • Single Sign-On (SSO) through Microsoft Entra ID
      • Single Sign-On (SSO) through JumpCloud OIDC
      • Single Sign-On (SSO) through GitHub
  • Tips & Tricks
    • Debricked CLI migration guide
    • Workarounds
      • Scanning Conan (C++) projects
      • Scanning a repository with different services
      • Scanning Docker images
      • Automations: Do not fail on found CVE lacking a fix
Powered by GitBook
LogoLogo

Company

  • Pricing
  • Blog

Support

  • Privacy Policy
  • Terms & Conditions
  • Service Status

Resources

  • Vulnerability DB
  • Open Source Select

© 2018-2024 | Open Text

On this page
  • Role-Based Access Control (RBAC)
  • Default user role
  • User roles
  • Available actions for each user role
  • Assign roles when inviting new users
  • Modify access for an existing user

Was this helpful?

Export as PDF
  1. Product
  2. Administration
  3. Users

Role-Based Access Control (Enterprise)

Understand the distinct functions and permissions of each user role available through Debricked's Role-Based Access Control.

Last updated 29 days ago

Was this helpful?

This feature is only available for our users. Already have an account?

Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC) allows you to grant and enforce access to functionalities and integrated repositories by assigning pre-defined roles to users. To give you better control over what functionality and data can be accessed by different users, these roles are assigned per individual repository. A single user can have one level of access rights for one repository and a different level for another. Anything a user can see and do in an integrated repository is defined by their role.

Default user role

By default, once a new repository is integrated, only the company admin(s) get access to it (apart from the user integrating it), while other users are assigned the No access role. As a company admin, you are able to set the default role to one of your choice (up to the Reviewer role), which will be assigned to users every time a new repository is integrated.

To do so:

  1. Go to Admin tools.

  2. Type your password to enter the administrative mode.

  3. In the Company Settings tab, click the drop-down and select a role of your choice.

User roles

Following are the seven different user roles:

No access

Users with this role can only see the name of the repository, but cannot access any more information.

Viewer

Recommended for non-code contributors who want to view or discuss your project.

Users with this role can:

  • View repository information

  • View Start Left information

  • Add comments

  • Create exports

  • Access the API (limited by endpoints)

Developer

Recommended for contributors who should be able to create pull requests and fix vulnerabilities.

Users with this role can:

  • Access the repository

  • View repository information

  • Integrate repositories

  • Add comments

  • View Start Left information

  • Create exports

  • Access the API (limited by endpoints)

  • Create Pull Requests

  • Pause vulnerabilities

  • Perform manual uploads (only via the API)

Reviewer

Recommended for contributors who need to review and triage vulnerabilities and the like.

Users with this role can:

  • Access the repository

  • View repository information

  • Integrate repositories

  • Add comments

  • View Start Left information

  • Create exports

  • Access the API (limited by endpoints)

  • Create Pull Requests

  • Pause and snooze vulnerabilities

  • Set and change the review status

  • Perform manual uploads

Maintainer

Recommended for contributors who don’t need to review and triage, but are able to manage the repository, perform manual uploads, and invite users.

Users with this role can:

  • Access the repository

  • View repository information

  • Integrate repositories

  • Add comments

  • View Start Left information

  • Create exports

  • Access the API (limited by endpoints)

  • Create Pull Requests

  • Pause vulnerabilities

  • Modify repository automation rules

  • Edit other users’ permissions (up to own levels)

  • Invite users

  • Edit repository use cases

  • Set the default branch for the repository

  • Enable or disable GitHub scanning

  • Delete repositories

  • Delete commits

  • Perform manual uploads

Repository admin

Recommended for people who need full access to the repository, including reviews and triaging.

Users with this role can:

  • Access the repository

  • View repository information

  • Integrate repositories

  • Add comments

  • View Start Left information

  • Create exports

  • Access the API (limited by endpoints)

  • Create Pull Requests

  • Pause and snooze vulnerabilities

  • Modify repository automation rules

  • Edit other users’ permissions (up to own levels)

  • Invite users

  • Edit repository use cases

  • Set the default branch for the repository

  • Enable or disable GitHub scanning

  • Delete the repository

  • Delete commits

  • Perform manual uploads

  • Set and edit the review status

Company admin

The highest level of access. Recommended for people who need full access to all repositories and settings.

Users with this role can perform all actions of a Repository admin and also:

  • Modify all automation rules

  • Edit all use cases

  • Delete the company account

  • Access billing self-serve

  • Whitelist email domains

  • Enforce 2 factor authentication

  • Change SSO settings

  • Modify default automations

  • Toggle allowing or disallowing snooze

  • Delete other accounts

  • Disable other accounts

  • Update account information for other users

  • Manage policies

Available actions for each user role

Action
Viewer
Developer
Reviewer
Maintainer
Repository Admin
Company Admin

View repository information

✓

✓

✓

✓

✓

✓

View Start Left information

✓

✓

✓

✓

✓

✓

Access to API

✓

✓

✓

✓

✓

✓

Create exports

✓

✓

✓

✓

✓

✓

Add comments

✓

✓

✓

✓

✓

✓

Access the repository

✓

✓

✓

✓

✓

✓

Integrate repositories

✓

✓

✓

✓

✓

Create Pull Requests

✓

✓

✓

✓

✓

Pause vulnerabilities

✓

✓

✓

✓

✓

Perform manual uploads

✓

✓

✓

✓

✓

Snooze vulnerabilities

✓

✓

✓

Set and change the review status

✓

✓

✓

Modify automation rules for a given repository

✓

✓

✓

Edit other users’ permissions (up to own levels)

✓

✓

✓

Invite users

✓

✓

✓

Edit repository use cases

✓

✓

✓

Set the default branch for the repository

✓

✓

✓

Enable or disable GitHub scanning

✓

✓

✓

Delete repositories

✓

✓

✓

Delete commits

✓

✓

✓

Create access tokens

✓

✓

Delete the company account

✓

Access billing self-serve

✓

Whitelist email domains

✓

Enforce 2 factor authentication

✓

Change SSO settings

✓

Modify default automations

✓

Toggle allowing/disallowing snooze

✓

Delete other accounts

✓

Disable other accounts

✓

Update information for other user

✓

Manage policies

✓

Assign roles when inviting new users

  1. Go to Admin tools. You can also go to either Repositories, Vulnerabilities or Dependencies view.

  2. If needed, type your password to enter the administrative mode.

  3. Click Invite users.

  4. Select the repository(s) you want the users to be invited to.

  5. Add the emails of the invitee(s).

  6. Select a user role for each of the invitee.

  7. Click Create invite.

  8. The invitation then shows up in the Invitations to send tab. Here, you can Edit or Delete it if needed.

  9. Once you review it, click Send invite.

  10. The invitation then shows up in Sent invitations. Here, you can withdraw the invitation by clicking Delete.

Modify access for an existing user

  1. Go to Admin tools.

  2. Type your password to enter the administrative mode.

  3. In the Users tab, find a list of users in your company. If you hover over the rule name in the User role column, you can see all of the current roles of that user and their scope(s).

  4. To edit the role, click Edit (pen icon) on the right side of the table.

  5. Click either the Handle access tab, or Handle access button. Here, you can edit the user’s existing role(s) and their scope(s).

  6. To assign a new role click the + button.

SCA Enterprise
Click here to upgrade.