Mend SCA API 2.0 - Roles and permissions

Overview

In this article, we cover the Mend roles and their permissions to use SCA API 2.0 for the organization and product scopes from the Mend Application, using the following legend:

Value	Description
	Yes, no limitations
	Yes, with limitations
	No, no exceptions

A "read-only" API endpoint allows you to retrieve data or access information but does not permit any modifications, updates, or deletions to the data. An “alteration” API endpoint is the opposite, where it allows you to create, update, or delete records, alter configurations, or modify the state of data within your defined scope(s).

Tip: To obtain this information via API 2.0, use our Get All Available Permissions Grouped By Roles endpoint.

Reference

Mend SCA API 2.0 - Service user permissions

When a service user is initially created in the Mend Application, they are automatically added to the default Mend “users” group, which has the Organization Member role.

User Type	Generate JWT Token	Run “read-only” API 2.0 endpoints	Run “alteration” API 2.0 endpoints
Service user		For scopes without assigned roles

Mend SCA API 2.0 - Mend default groups permissions

Mend has two pre-defined user groups, admins and users.

admin - Organization Administrator role
users - Organization Member role

Group	Generate JWT Token	Run “read-only” API 2.0 endpoints	Run “alteration” API 2.0 endpoints
admin
users		For scopes without assigned roles

Mend SCA API 2.0 - Organization-level roles permissions

Role	Run “read-only” API 2.0 endpoints	Run “alteration” API 2.0 endpoints
Alert Ignorers	For scopes without assigned roles	Only “ignore alert” endpoints
Auditors	For scopes without assigned roles
Default Approvers
License and Copyright Assigners	For scopes without assigned roles	Only “license and copyright assignment” endpoints
New Alert Email Receivers	For scopes without assigned roles
Organization Administrators
Organization Members	For scopes without assigned roles

Mend SCA API 2.0 - Product-level roles permissions

Role	Run “read-only” API 2.0 endpoints	Run “alteration” API 2.0 endpoints
Product Administrators	Only for their assigned product(s)	Only for their assigned product(s)
Product Alert Ignorers	Only for their assigned product(s)
Product Approver	Only for their assigned product(s)	Only “ignore alert” endpoints for their assigned product(s)
Product Assignment	Only for their assigned product(s)	Only “license and copyright assignment” endpoints for their assigned product(s)
Product Integrators	Only for their assigned product(s)
Product New Alert Email Receivers	Only for their assigned product(s)