Mend SCA API 2.0 - Roles and permissions
Overview
In this article, we cover the Mend roles and their permissions to use SCA API 2.0 for the organization and product scopes from the Mend Application, using the following legend:
Value | Description |
---|---|
| Yes, no limitations |
| Yes, with limitations |
| No, no exceptions |
A “read-only” API endpoint allows you to retrieve data or access information but does not permit any modifications, updates, or deletions to the data. An “alteration” API endpoint is the opposite: it allows you to create, update, or delete records, alter configurations, or modify the state of data within your defined scope(s).
Tip: To obtain this information via API 2.0, use our Get All Available Permissions Grouped By Roles endpoint.
Reference
Mend SCA API 2.0 - Service user permissions
When a service user is initially created in the Mend Application, they are automatically added to the default Mend “users” group, which has the Organization Member role.
User Type | Generate JWT Token | Run “read-only” API 2.0 endpoints | Run “alteration” API 2.0 endpoints |
---|---|---|---|
Service user | | | |
Mend SCA API 2.0 - Mend default groups permissions
Mend has two pre-defined user groups, admins and users.
admin - Organization Administrator role
users - Organization Member role
Group | Generate JWT Token | Run “read-only” API 2.0 endpoints | Run “alteration” API 2.0 endpoints |
---|---|---|---|
admin | | | |
users | | | |
Mend SCA API 2.0 - Organization-level roles permissions
Role | Generate JWT Token | Run “read-only” API 2.0 endpoints | Run “alteration” API 2.0 endpoints |
---|---|---|---|
Alert Ignorers | | | |
Auditors | | | |
Default Approvers | | | |
License and Copyright Assigners | | | |
New Alert Email Receivers | | | |
Organization Administrators | | | |
Organization Members | | | |
Mend SCA API 2.0 - Product-level roles permissions
Role | Generate JWT Token | Run “read-only” API 2.0 endpoints | Run “alteration” API 2.0 endpoints |
---|---|---|---|
Product Administrators | | | |
Product Alert Ignorers | | | |
Product Approver | | | |
Product Assignment | | | |
Product Integrators | | | |
Product New Alert Email Receivers | | | |