Authorization roles
Learn how to set permissions using authorization roles.
Authorization roles define the permissions on accessing and using Endor Labs and its features. Each authorization role has a set of associated permissions that determine the extent of access to Endor Labs. Ensure that you assign the right role for the right situation and follow the principle of least privilege (PoLP).
You need to assign an authorization role when you create authorization policies and API keys.
The following roles are available:
| Role | Description | Intended Use | Access |
|---|---|---|---|
| Admin | Grants full administrative access to all resources. | System administrators | Read and write for all resources |
| Read-Only | Grants read-only access to all resources. | Users who need to view data but not make changes | Read-only for all resources |
| Code Scanner | Grants necessary access to scan a project using endorctl. | Users or CI/CD-based service accounts that run scans | Read and write for Projects, Repositories, Findings, etc. (Read-only for all other resources) |
| Policy Editor | Grants necessary access to manage policies. | Security team members who define and maintain security policies | Read and write for Policies, Policy templates, etc. (Read-only for all other resources) |
| On-Prem Scheduler | Grants necessary access to run Outpost and to use monitoring scans on supported platforms. | On-premises deployment service accounts | Read and write for Installations, Projects, Namespaces, Scan Requests, etc. (Read-only for all other resources) |
Feedback
Was this page helpful?
Thanks for the feedback. Write to us at support@endor.ai to tell us more.
Thanks for the feedback. Write to us at support@endor.ai to tell us more.