Role-based access control

  • Last updated: July 3, 2023

Burp Suite Enterprise Edition uses a role-based access control model. You manage permissions for users using roles and groups:

  • A user represents a person who has access to Burp Suite Enterprise Edition via the web interface, or a system that has access via one of the APIs.
  • A role is a set of permissions to perform specific actions, such as scheduling and deleting scans. You assign roles to groups of users.
  • A group is a collection of users with an assigned set of roles.

You can also restrict groups to certain sites.

Vertical segregation of permissions

You can use the roles assigned to a group to provide vertical segregation of permissions. This means that different categories of users can perform different types of action. For example, you can allow some users to initiate scans and you can limit others so that they can only view scan results.

Horizontal segregation of permissions

You can restrict users' access to specific sites. This allows for horizontal segregation of permissions, meaning users can only perform their permitted actions on data related to their sites.
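
The following sketch is an added illustration of how the two kinds of segregation combine in one access decision; it is not PortSwigger code and does not use the Burp Suite Enterprise Edition API. The permission, role, group and site names are hypothetical, and it assumes that a group's roles apply only to the sites that same group is restricted to.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical permission names, modelled on the actions this page mentions.
VIEW_RESULTS, SCHEDULE_SCAN, DELETE_SCAN = "view_results", "schedule_scan", "delete_scan"

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset

@dataclass
class Group:
    name: str
    roles: list
    members: set
    sites: Optional[set] = None  # None means the group is not restricted to sites

def is_allowed(user, action, site, groups):
    """Allow only when one group grants both the action and the site."""
    for group in groups:
        if user not in group.members:
            continue
        # Vertical check: does any role in this group permit the action?
        vertical = any(action in role.permissions for role in group.roles)
        # Horizontal check: is the target site within this group's sites?
        horizontal = group.sites is None or site in group.sites
        if vertical and horizontal:
            return True
    return False  # default deny: no membership, no role, or wrong site

# Constructed sample data (not taken from any real deployment).
VIEWER = Role("viewer", frozenset({VIEW_RESULTS}))
OPERATOR = Role("scan-operator", frozenset({VIEW_RESULTS, SCHEDULE_SCAN, DELETE_SCAN}))
GROUPS = [
    Group("shop-operators", [OPERATOR], {"alice"}, {"shop.example"}),
    Group("blog-viewers", [VIEWER], {"alice", "bob"}, {"blog.example"}),
    Group("auditors", [VIEWER], {"carol"}),  # unrestricted, view-only
]

if __name__ == "__main__":
    for who, act, where in [("alice", SCHEDULE_SCAN, "shop.example"),
                            ("alice", SCHEDULE_SCAN, "blog.example"),
                            ("carol", VIEW_RESULTS, "shop.example")]:
        print(who, act, where, is_allowed(who, act, where, GROUPS))
```

Because each group is evaluated on its own, alice's operator role on `shop.example` does not carry over to `blog.example`, where she is only a viewer.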
