Teams and permissions
servasec uses a layered permission model: RBAC at the global level and resource-level access at the application level.
Roles
| Role | Scope | Permissions |
|---|---|---|
| Admin | Global | Full access to all resources, user management, scanner configuration |
| Member | Global | Can create applications, manage own assignments |
Teams
Teams group users for collaborative access to applications.
Add members:
```http
POST /api/teams/{id}/members
Content-Type: application/json

{
  "user_id": "user-uuid",
  "role": "member"
}
```
Resource-level permissions
Grant read or write access to specific applications for users or teams:
```http
POST /api/permissions/applications
Content-Type: application/json

{
  "application_id": "app-uuid",
  "user_id": "user-uuid",
  "permission": "write"
}
```
| Permission | Description |
|---|---|
| `read` | View findings, scans, and application details |
| `write` | Full CRUD, ingest scans, manage webhooks |
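
The layered model described on this page, sketched as an added example (not servasec's own code): a resolver that combines the global role with direct and team grants, plus a helper for reviewing who can write to an application. The data shapes, the rule that the highest grant wins, and the sample users and team are assumptions.

```python
# Added example: data shapes and the merge rule are assumptions, not servasec's code.
from dataclasses import dataclass, field

LEVELS = {None: 0, "read": 1, "write": 2}  # "write" is full CRUD, so it covers "read"


@dataclass
class Directory:
    global_roles: dict                                  # user_id -> "admin" | "member"
    teams: dict = field(default_factory=dict)           # team_id -> set of user_ids
    user_grants: dict = field(default_factory=dict)     # (app_id, user_id) -> permission
    team_grants: dict = field(default_factory=dict)     # (app_id, team_id) -> permission

    def effective(self, user_id, app_id):
        """Return (permission, source) for one user on one application."""
        if user_id not in self.global_roles:
            return None, "unknown user"                 # fail closed
        if self.global_roles[user_id] == "admin":
            return "write", "global:admin"              # Admin: full access to all resources
        best = self.user_grants.get((app_id, user_id))
        source = "direct" if best else "none"
        for team_id, members in sorted(self.teams.items()):
            perm = self.team_grants.get((app_id, team_id))
            if user_id in members and LEVELS[perm] > LEVELS[best]:
                best, source = perm, f"team:{team_id}"  # assumed: highest grant wins
        return best, source

    def allowed(self, user_id, app_id, needed):
        perm, _ = self.effective(user_id, app_id)
        return LEVELS[perm] >= LEVELS[needed]

    def writers(self, app_id):
        """Access review: every user who can write to app_id, and why."""
        out = {}
        for user_id in sorted(self.global_roles):
            perm, source = self.effective(user_id, app_id)
            if perm == "write":
                out[user_id] = source
        return out


# Constructed sample data
SAMPLE = Directory(
    global_roles={"alice": "admin", "bob": "member", "carol": "member", "dave": "member"},
    teams={"appsec": {"bob", "carol"}},
    user_grants={("app-1", "carol"): "read", ("app-1", "dave"): "read"},
    team_grants={("app-1", "appsec"): "write"},
)
```

`SAMPLE.writers("app-1")` shows that carol's direct `read` grant is raised to `write` through her team membership, the kind of indirect access a review of direct grants alone would miss.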