Authorization troubleshooting for access control (Preview)
Note
Role-based access control is supported for hosted customers only and is in preview mode. If you want to be an early adopter, contact Contrast support.
Authorization for access control
Authorization for access control determines the actions a user can take on a specific resource. If a user receives a 403 (Forbidden) response, Contrast access control has determined that the user does not have sufficient permissions to perform the requested operation. Access control considers these elements during authorization:
User: The person performing a request.
Action: The operation you want to perform. For example, viewing, editing, or managing.
Resource: The resource that access control protects from unauthorized access. For example, applications, Scan projects, user access groups, resource groups, and roles.
Access control: troubleshooting steps
Check the user permissions.
Under the user menu, select Organization settings.
Select Access control.
In the Users tab, find the user in the list and select the key icon in the Actions column.
If the user is assigned the correct roles and resources, go to the next step. Otherwise, update the user settings.
You can also retrieve a user's role-based access control permissions by using the Contrast API.
(Optional) Verify effective user permissions.
The Contrast web interface lets you view permissions and settings for individual users. You can also use the Contrast API to verify a user's effective permissions, such as:
Resources (applications, Scan projects, and functions) that the user can access.
The actions assigned to the user.
The role, user access group, and resource group combination that provides the user permissions.
See Access control queries for examples of how to use the Contrast API to check user settings and permissions.
If the user settings and permissions look correct, contact Contrast support for additional help. Otherwise, update the user settings and permissions.
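The following script is an added example, not Contrast's code or API, that models the elements named above (user, action, resource, and the role / user access group / resource group combination) and reproduces the authorization decision behind a 403, reporting which combination grants a permission. The roles, groups, resources and user names are constructed for illustration and the binding model is an assumption, not Contrast's actual data model.

```python
# Constructed illustrative model (an assumption, not Contrast's data model):
# a role bundles actions, a resource group bundles resources, and a user
# access group lists its members plus (role, resource group) bindings.
ROLES = {
    "viewer": {"view"},
    "editor": {"view", "edit"},
    "admin": {"view", "edit", "manage"},
}
RESOURCE_GROUPS = {
    "payments-apps": {"app:checkout", "app:billing"},
    "all-scans": {"scan:web-portal"},
}
USER_ACCESS_GROUPS = {
    "payments-devs": {"members": {"alice", "bob"},
                      "bindings": [("editor", "payments-apps")]},
    "security-reviewers": {"members": {"alice"},
                           "bindings": [("viewer", "all-scans")]},
}


def effective_permissions(user):
    """Return {(action, resource): [(user access group, role, resource group)]}
    for every permission the user holds, keeping the combination that grants it."""
    perms = {}
    for uag, spec in USER_ACCESS_GROUPS.items():
        if user not in spec["members"]:
            continue
        for role, rg in spec["bindings"]:
            for action in ROLES.get(role, ()):
                for resource in RESOURCE_GROUPS.get(rg, ()):
                    perms.setdefault((action, resource), []).append((uag, role, rg))
    return perms


def explain(user, action, resource):
    """Mirror the authorization check: allowed, and if so which
    role / user access group / resource group combination grants it.
    A denied request is reported as the 403 the user would see."""
    grants = effective_permissions(user).get((action, resource), [])
    if grants:
        return {"allowed": True, "granted_by": grants}
    return {"allowed": False, "granted_by": [], "status": 403}


if __name__ == "__main__":
    print(explain("alice", "edit", "app:checkout"))
    print(explain("bob", "manage", "app:checkout"))
```

When a real user reports a 403, the equivalent of `explain` is the effective-permissions check in step 2: an empty `granted_by` points at a missing role, group membership, or resource group assignment rather than at the request itself.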