Teams and permissions

servasec uses a layered permission model: role-based access control (RBAC) at the global level, and resource-level access grants at the application level. A request is allowed by the global role first; members then need an explicit read or write grant on the specific application.

Roles

Role    Scope    Permissions
Admin   Global   Full access to all resources, user management, scanner configuration
Member  Global   Can create applications, manage own assignments

Teams

Teams group users for collaborative access to applications.

POST /api/teams
Content-Type: application/json

{
  "name": "Security Team"
}

Add members:

POST /api/teams/{id}/members
Content-Type: application/json

{
  "user_id": "user-uuid",
  "role": "member"
}

Resource-level permissions

Grant read or write access to specific applications for users or teams:

POST /api/permissions/applications
Content-Type: application/json

{
  "application_id": "app-uuid",
  "user_id": "user-uuid",
  "permission": "write"
}

Permission   Description
read         View findings, scans, and application details
write        Full CRUD, ingest scans, manage webhooks
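The following is an added example, not servasec's own code, that models how the two layers above combine when a request for an application is evaluated: the global role is checked first (an Admin is allowed everywhere), then a Member needs a read or write grant on that application, held either directly or through one of their teams. The User, Grant and action names, the team ids, and the sample grants are all constructed for this illustration and are not servasec identifiers; the grant semantics follow the two tables on this page (write implies read; anything unknown is denied).

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical in-memory model of servasec's two permission layers.
# This is illustrative code, not the project's implementation.

@dataclass
class User:
    id: str
    role: str                       # global RBAC layer: "admin" or "member"
    teams: set = field(default_factory=set)   # team ids the user belongs to

@dataclass
class Grant:
    """One resource-level permission on an application, for a user or a team."""
    application_id: str
    permission: str                 # "read" or "write"
    user_id: Optional[str] = None
    team_id: Optional[str] = None

# Actions derived from the permission table: read = view, write = full CRUD etc.
READ_ACTIONS = {"view_findings", "view_scans", "view_application"}
WRITE_ACTIONS = {"ingest_scan", "manage_webhooks", "update_application", "delete_application"}

def effective_permission(user: User, application_id: str, grants: list) -> Optional[str]:
    """Highest permission the user holds on the application ("write" > "read" > None),
    from a direct grant or through membership of a granted team."""
    best = None
    for g in grants:
        if g.application_id != application_id:
            continue
        applies = (g.user_id == user.id) or (g.team_id is not None and g.team_id in user.teams)
        if not applies:
            continue
        if g.permission == "write":
            return "write"          # cannot do better than write
        if g.permission == "read":
            best = "read"
    return best

def authorize(user: User, action: str, application_id: str, grants: list) -> bool:
    """Layer 1: global role. Layer 2: resource-level grant on this application."""
    if user.role == "admin":
        return True                 # Admin: full access to all resources
    perm = effective_permission(user, application_id, grants)
    if action in READ_ACTIONS:
        return perm in ("read", "write")
    if action in WRITE_ACTIONS:
        return perm == "write"
    return False                    # unknown action: fail closed

# Constructed sample data (ids are placeholders, not real UUIDs).
ADMIN = User("u-admin", "admin")
ALICE = User("u-alice", "member", teams={"team-sec"})   # write via her team
BOB   = User("u-bob", "member")                          # direct read grant
CAROL = User("u-carol", "member")                        # no grants at all

GRANTS = [
    Grant("app-1", "write", team_id="team-sec"),
    Grant("app-1", "read", user_id="u-bob"),
]

if __name__ == "__main__":
    for who, action, app in [(ALICE, "ingest_scan", "app-1"),
                             (BOB, "ingest_scan", "app-1"),
                             (BOB, "view_findings", "app-1"),
                             (CAROL, "view_findings", "app-1"),
                             (ALICE, "view_findings", "app-2")]:
        print(who.id, action, app, "->", authorize(who, action, app, GRANTS))
```

The example makes two properties of the layered model visible: a team grant is as effective as a direct grant, so removing a user from a team is how you revoke access obtained that way, and a Member with no grant on an application sees nothing on it, even if they hold write elsewhere.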