Role-based access control

  • Last updated: July 16, 2024

Burp Suite Enterprise Edition uses role-based access control. Once you've added your users, you can manage their permissions using roles and groups:

  • A user represents a person who has access to Burp Suite Enterprise Edition via the web interface, or a system that has access via one of the APIs.
  • A role is a set of permissions to perform specific actions, such as scheduling and deleting scans. You assign roles to groups of users.
  • A group is a collection of users with an assigned set of roles.

You can also restrict groups to certain sites.

You can configure groups in two different ways:

Vertical segregation of permissions

You can use the roles assigned to a group to provide vertical segregation of permissions. This means that different categories of users can perform different types of actions. For example, you can allow some users to initiate scans, and you can limit others so that they can only view scan results.

Horizontal segregation of permissions

You can restrict users' access to specific sites. This allows for horizontal segregation of permissions, meaning users can only perform their permitted actions on data related to their sites.
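The following Python model is an added illustration of how the vertical check (roles) and the horizontal check (sites) combine. It is not PortSwigger code and does not describe how Burp Suite Enterprise Edition evaluates permissions internally. The permission names, group names, sites, and the rule that both checks must pass within the same group are assumptions of this model.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical permission names, based on the actions the page mentions.
VIEW, SCHEDULE, DELETE = "view_results", "schedule_scan", "delete_scan"

@dataclass
class Group:
    name: str
    members: set
    roles: dict                   # role name -> set of permissions
    sites: Optional[set] = None   # None: group is not restricted to sites

    def permissions(self):
        return set().union(*self.roles.values())

def granting_groups(groups, user, permission, site):
    """Names of the groups that give `user` this permission on this site.

    Vertical check: one of the group's roles holds the permission.
    Horizontal check: the group is unrestricted or covers the site.
    Both must pass within the same group (assumption of this model).
    """
    return [g.name for g in groups
            if user in g.members
            and permission in g.permissions()
            and (g.sites is None or site in g.sites)]

def is_allowed(groups, user, permission, site):
    return bool(granting_groups(groups, user, permission, site))

def is_allowed_flattened(groups, user, permission, site):
    """Flawed variant: merges permissions and sites across all of the user's
    groups, so a role from one group leaks onto another group's sites."""
    mine = [g for g in groups if user in g.members]
    perms = set().union(*(g.permissions() for g in mine))
    unrestricted = any(g.sites is None for g in mine)
    sites = set().union(*(g.sites or set() for g in mine))
    return permission in perms and (unrestricted or site in sites)

# Constructed sample data: alice belongs to both groups.
GROUPS = [
    Group("shop-scanners", {"alice", "ci-bot"},
          {"scan-operator": {VIEW, SCHEDULE, DELETE}}, {"shop.example"}),
    Group("payments-viewers", {"alice", "bob"},
          {"viewer": {VIEW}}, {"pay.example"}),
]
```

When auditing an access model like this, `granting_groups` shows which group membership is responsible for a given permission, which makes unintended grants easier to trace back and remove.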
