Authorization roles
Learn how to set permissions using authorization roles.
Authorization roles define the permissions on accessing and using Endor Labs and its features. Each authorization role has a set of associated permissions that determine the extent of access to Endor Labs. Ensure that you assign the right role for the right situation and follow the principle of least privilege (PoLP).
You need to assign an authorization role when you create authorization policies and API keys.
The following roles are available:
| Role | Access | Module | Description | API Role Parameter |
|---|---|---|---|---|
| Policy Editor | Complete read and write access | Policies and policy templates | Primarily used to allow users to manage policies. | SYSTEM_ROLE_POLICY_EDITOR |
| Export | Export SBOM and VEX | |||
| Complete read and write access | Notifications | |||
| Read-only | All modules | |||
| Code Scanner | Scan | Projects and repositories | Primarily used for a CI/CD-based service account | SYSTEM_ROLE_CODE_SCANNER |
| Read-only | Policies and policy templates | |||
| Complete read and write access | Projects and repositories | |||
| Complete read and write access | Findings | |||
| Complete read and write access | Notifications | |||
| Read-only | All modules | |||
| Read-Only | Read-only | All modules | Primarily used to grant read-only access to all modules in the application | SYSTEM_ROLE_READ_ONLY |
| Export | Export SBOM and VEX | |||
| Admin | Complete read and write access | All modules | Primarily used to grant complete access to the application | SYSTEM_ROLE_ADMIN |
Feedback
Was this page helpful?
Thanks for the feedback. Write to us at support@endor.ai to tell us more.
Thanks for the feedback. Write to us at support@endor.ai to tell us more.