Fluid Attacks policy on authorization for clients | Fluid Attacks

Authorization for clients

Our platform has a set of necessary roles for every hacking project.


Once the client decides which members of their team should be project managers, Fluid Attacks assigns them that role, which lets them grant the minimum required permissions to other members of their team.

To protect the information of each group (its source code and vulnerabilities), authorization is based on the Role-Based Access Control (RBAC) model, which grants access to the data through roles and through the division of projects into groups.


People with the User Manager and Customer Manager roles can define which team members will have access to the different groups and roles. These can be divided into three levels:

  1. Role at Organization level.
  2. Role at Group level.

Remember that all users of the platform can execute the actions granted to them according to their role. If you want to see the actions, we invite you to enter here.

Requirements

  1. 035. Manage privilege modifications
  2. 095. Define users with privileges
  3. 096. Set user's required privileges
  4. 186. Use the principle of least privilege