User and Role Administration
The AppSentinels API Security Platform provides robust user and role management capabilities to ensure secure and role-based access to application data, vulnerabilities, and security events. Access can be tailored based on organizational roles and responsibilities.
Predefined User Roles
AppSentinels offers several predefined roles to align with common security and development personas:
Role | Description |
---|---|
Org Admin | Manages organization-wide settings such as applications, API keys, etc. |
Admin | Has full access to all data and settings within assigned applications. |
Security InfoSec | Application security engineers responsible for API security testing. |
Security Ops | Handles real-time threat detection and mitigation in production environments. |
Developer | Views API details and associated vulnerabilities. |
For detailed access control information, navigate to Settings → User & Role Administration → Roles List.
Custom Roles
AppSentinels supports the creation of custom user roles with granular permissions tailored to specific organizational needs.
How to Create a Custom Role
- Navigate to: Settings → User & Role Administration → Roles List → Add Role
- Define the role name and description.
- Set Read or Edit permissions per screen/module (e.g., Dashboard, Vulnerability, Insights).
- Click Add to save the role.
Example: ReadOnly Role
A custom role that provides read-only access to specific modules like Dashboard, API Catalogue, Parameter Catalogue, Vulnerabilities, Threat Actors, and Insights.

Adding Users
Users can be added in two ways:
1. Organization-Wide Access
- Navigate to: Organization → Settings → User & Role Administration → User List → Add User
- Provide:
  - Email ID
  - Role (Predefined or Custom)
  - Applications the user needs access to
- Click Add
2. Application-Specific Access
- Navigate to: Application → Settings → User & Role Administration → User List
- Add the user with specific access to that application only.
