
Actions and permissions (Preview) Hosted customers only

Each action that you assign to a role provides permissions to perform specific tasks and access to data.

Note

This feature is supported for hosted customers only and is in preview mode. For access to this feature, contact Contrast support.

On-premises customers manage Contrast access by setting up organization users and access groups.

Organization actions and permissions

This action:

Includes these permissions:

And is part of these built-in roles

View organization

General

  • Log in to the Contrast web interface

  • View your user profile

  • View notifications

Reports

  • Generate application reports

Organization viewer

App Security administrator

DevOps administrator

Edit organization

General

  • Log in to the Contrast web interface

  • View your user profile

  • View notifications

  • View score settings

  • View report settings

  • View organization settings

  • Access the Add new button

Policies

  • View policies

Security

  • Get Agent keys

Reports

  • View report settings

  • Generate application reports

Organization editor

Manage organization rules

General

  • Log in to the Contrast web interface

  • View your user profile

  • View notifications

  • View score settings

  • View organization settings

  • Enable or disable Protect

  • Access the Add new button

Policies

  • Manage scoring policies

Reports

  • View report settings

  • Generate application reports

Organization rules administrator

Manage organization

General

  • Log in to the Contrast web interface

  • View your user profile

  • View notifications

  • View organization settings

  • Access the Add new button

Integrations

  • View integration details

  • Edit integration settings

Servers

  • Manage server licenses

Users

  • View users

  • Create users

  • Delete users

  • Edit user settings

Policies

  • Manage scoring policies

Reports

  • View report settings

  • Change report settings

  • Generate application reports

Security

  • Rotate API keys

  • Manage IP restrictions

  • Manage password policy

  • Manage session timeouts

  • Manage two-step verification and SAML

Protect

  • Enable and disable Protect

Scan

  • Turn on dynamic scoring

Organization administrator

DevOps administrator

Manage platform organization

Access control

  • Manage user access groups

  • Manage roles

  • Manage resource groups

Reports

  • Generate application reports

DevOps administrator

Organization administrator

View audit logs

Security

  • View audit log details

Organization administrator

Application actions and permissions

This action:

Includes these permissions:

And is part of these built-in roles

View application

General

  • Log in to the Contrast web interface

  • View your user profile

  • View notifications

  • Customize score settings

  • Change report settings

  • Change notification settings

Vulnerabilities

  • View vulnerability details

  • Export vulnerabilities, traces, and routes

  • Replay HTTP requests

Applications

  • View application details

  • View, edit, and delete tags

Policies

  • View application policies

  • View application exclusions

Servers

  • View server details

Reports

  • Generate application reports

Libraries

  • View library details

  • View tags

  • View manifest details

  • Export libraries

Organization viewer

DevOps administrator

App security administrator

Application viewer

Application administrator

Application editor

Application rules administrator

Edit application

General

  • Log in to the Contrast web interface

  • View your user profile

  • View notifications

  • View organization settings

  • Customize score settings

  • Change notification settings

  • Access the Add new button

Vulnerabilities

  • View vulnerability details

  • Send vulnerabilities to a bug tracker

  • Merge vulnerabilities

  • Edit vulnerability settings

  • Manage discussions

  • Delete vulnerabilities

  • Export vulnerabilities, traces, and routes

  • Replay HTTP requests

Applications

  • View application details

  • View tags

  • Merge applications

  • Archive applications

  • Restore applications

  • Edit and delete tags

  • Manage filters

  • Manage traces

  • Manage bug tracking settings

Policies

  • View application policies

  • View application exclusions

  • Manage scoring policies

Servers

  • View server details

  • Edit and delete tags

  • Edit server settings

  • Manage bug tracker settings

Reports

  • Generate application reports

  • Change report settings

Libraries

  • View library details

  • View tags

  • Edit and delete tags

  • View manifest details

  • Export libraries

Protect

  • Enable and disable Protect

Application administrator

Application editor

App security administrator

Manage application rules

General

  • Log in to the Contrast web interface

  • View your user profile

  • View notifications

Architecture

  • View architecture details

Policies

  • Manage Assess rule settings

  • Manage library policies

  • Manage remediation policies

Protect

  • Enable and disable Protect

Application rules administrator

App Security administrator

Application administrator

Manage application

General

  • Log in to the Contrast web interface

  • View your user profile

  • View notifications

  • View organization settings

  • View score settings

  • Customize score settings

  • Change report settings

  • Change notification settings

  • Access the Add new button

Policies

  • View application policies

  • View application exclusions

  • Manage job outcome policies

  • Manage Assess rule settings

  • Manage library policies

  • Manage remediation policies

  • Manage scoring policies

Applications

  • View application details

  • View tags

  • Edit and delete tags

  • Merge applications

  • Archive applications

  • Restore applications

  • Manage filters

  • Manage traces

  • Manage bug tracker settings

  • License applications

  • Edit application settings

  • Reset applications

  • Delete applications

Architecture

  • View architecture details

Servers

  • View server details

  • Edit and delete tags

  • Edit server settings

  • Delete servers

  • Manage bug tracker settings

  • Manage server licenses

Protect

  • Enable and disable Protect

Integrations

  • View integration details

  • Edit integration settings

Reports

  • Generate application reports

  • View report settings

Libraries

  • View library details

  • View tags

  • Edit and delete tags

  • View manifest details

  • Export libraries

Users

  • Manage user access groups

  • Manage roles

  • Manage resource groups

Vulnerabilities

  • View vulnerability details

  • Send vulnerabilities to a bug tracker

  • Merge vulnerabilities

  • Edit vulnerability settings

  • Manage discussions

  • Delete vulnerabilities

  • Export vulnerabilities, traces, and routes

  • Replay HTTP requests

Application administrator

Project actions and permissions

This action:

Includes these permissions:

And is part of these built-in roles

View project

Scan

  • View details about scan projects and scans

  • Download scan results in a SARIF or CSV file

DevOps administrator

App Security administrator

Project viewer

Project administrator

Upload scans

Scan

  • Upload files for scanning

Scan uploader

View, edit, delete project

Scan

  • Archive scan projects

  • Delete scan projects

  • Edit project settings

  • Change scan vulnerability status and severity

  • Upload files for scanning

  • Start scans

  • View details for scan projects and scans

  • Download scan results in a SARIF or CSV file

App security administrator

Project administrator

Create project

Scan

  • Create scan projects

Project administrator

Edit project

Scan

  • Edit scan project settings

  • Upload files for scanning

  • View details for scan projects and scans

  • Download scan results in a SARIF or CSV file

Project administrator

Delete project

Scan

  • View details for scan projects and scans

  • Download scan results in a SARIF or CSV file

  • Delete scan projects

Project administrator

Protect actions and permissions

This action:

Includes these permissions:

And is part of these built-in resource groups

Access Protect

Protect

  • View Protect data

Protect viewer

Manage Protect exclusions

Protect

  • View application exclusions for Protect rules

  • Create and edit application exclusions for Protect rules

Protect exclusion administrator

Manage Protect policies

Protect

  • View and edit Protect policies

  • Add or edit log enhancers

  • Manage attack alerts

  • Manage the IP denylist

  • Manage Protect licenses

  • Manage Protect rule settings

Protect policy administrator

Manage Protect sensitive data policies

Protect

  • View details for sensitive data policies

  • Edit policies for sensitive data

Protect sensitive data administrator

View attack data

Protect

  • View attack event data

App security engineer

SCA projects actions and permissions

This action:

Includes these permissions:

And is part of these built-in roles

View SCA projects

Libraries

  • View SCA project details

SCA project group viewer

SCA project group administrator

Create SCA projects

Libraries

  • Connect to open source repositories for new SCA projects

  • Create (and track, if using the --track option) a new SCA project from the Contrast CLI

SCA project group administrator

Delete SCA projects

Libraries

  • Disconnect open source repositories for SCA projects

SCA project group administrator

Manage SCA projects

Libraries

  • View SCA project details

  • Connect to open source repositories for SCA projects

  • Edit SCA project details

  • Disconnect SCA projects

  • Run additional or subsequent SCA scans for SCA projects

SCA project group administrator

Serverless actions and permissions

This action:

Includes these permissions:

And is part of these built-in roles

View Serverless

Serverless

  • View Serverless data

  • Interact with API endpoints

Serverless user