Role-Based Access Control (Enterprise)
Understand the distinct functions and permissions of each user role available through Debricked's Role-Based Access Control.
This feature is only available for our SCA Enterprise users. Already have an account? Click here to upgrade.
Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC) allows you to grant and enforce access to functionalities and integrated repositories by assigning pre-defined roles to users. To give you better control over what functionality and data can be accessed by different users, these roles are assigned per individual repository. A single user can have one level of access rights for one repository and a different level for another. Anything a user can see and do in an integrated repository is defined by their role.
Default user role
By default, once a new repository is integrated, only the company admin(s) get access to it (apart from the user integrating it), while other users are assigned the No access role. As a company admin, you are able to set the default role to one of your choice (up to the Reviewer role), which will be assigned to users every time a new repository is integrated.
To do so:
Go to Admin tools.
Type your password to enter the administrative mode.
In the Company Settings tab, click the drop-down and select a role of your choice.
User roles
Following are the seven different user roles:
Available actions for each user role
View repository information
✓
✓
✓
✓
✓
✓
View Start Left information
✓
✓
✓
✓
✓
✓
Access to API
✓
✓
✓
✓
✓
✓
Create exports
✓
✓
✓
✓
✓
✓
Add comments
✓
✓
✓
✓
✓
✓
Access the repository
✓
✓
✓
✓
✓
✓
Integrate repositories
✓
✓
✓
✓
✓
Create Pull Requests
✓
✓
✓
✓
✓
Pause vulnerabilities
✓
✓
✓
✓
✓
Perform manual uploads
✓
✓
✓
✓
✓
Snooze vulnerabilities
✓
✓
✓
Set and change the review status
✓
✓
✓
Modify automation rules for a given repository
✓
✓
✓
Edit other users’ permissions (up to own levels)
✓
✓
✓
Invite users
✓
✓
✓
Edit repository use cases
✓
✓
✓
Set the default branch for the repository
✓
✓
✓
Enable or disable GitHub scanning
✓
✓
✓
Delete repositories
✓
✓
✓
Delete commits
✓
✓
✓
Create access tokens
✓
Delete the company account
✓
Access billing self-serve
✓
Whitelist email domains
✓
Enforce 2 factor authentication
✓
Change SSO settings
✓
Modify default automations
✓
Toggle allowing/disallowing snooze
✓
Delete other accounts
✓
Disable other accounts
✓
Update information for other user
✓
Manage policies
✓
Assign roles when inviting new users
Go to Admin tools. You can also go to either Repositories, Vulnerabilities or Dependencies view.
If needed, type your password to enter the administrative mode.
Click Invite users.
Select the repository(s) you want the users to be invited to.
Add the emails of the invitee(s).
Select a user role for each of the invitee.
Click Create invite.
The invitation then shows up in the Invitations to send tab. Here, you can Edit or Delete it if needed.
Once you review it, click Send invite.
The invitation then shows up in Sent invitations. Here, you can withdraw the invitation by clicking Delete.
Modify access for an existing user
Go to Admin tools.
Type your password to enter the administrative mode.
In the Users tab, find a list of users in your company. If you hover over the rule name in the User role column, you can see all of the current roles of that user and their scope(s).
To edit the role, click Edit (pen icon) on the right side of the table.
Click either the Handle access tab, or Handle access button. Here, you can edit the user’s existing role(s) and their scope(s).
To assign a new role click the + button.
Last updated
Was this helpful?