Sysdig Secure Team Roles
Standard User
| Category | Item | Permission | Description |
|---|---|---|---|
| Advisor | Kubernetes API | READ | Kubernetes API feature |
| | Live Logs | VIEW | Access Live Logs feature |
| Alerts | Alerts | READ | Access the alerts in scope of a team |
| Captures / Investigate | Captures | READ | Access captures |
| | Captures | VIEW | View captures in the UI |
| | Containment Response Actions | VIEW | View executions of Containment Response Actions |
| | Data Gathering Response Actions | VIEW | View executions of Response Actions that collect Data |
| Data Access Settings | Groupings | EDIT | Create and edit custom groupings |
| | Groupings | READ | Access default and custom groupings |
| | Metrics Data | READ | Access metrics data |
| | Metrics Descriptors | READ | Access metrics descriptors, which are unique combinations of metrics and labels that create a time series. For example, sysdig_container_cpu_used_percent{host_hostname=foo,region=bar}. |
| Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
| | Policy Events | READ | Access policy events |
| Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
| | Agent Console - Agent Status | READ | Use Agent Console commands which access agent status |
| | Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords |
| | Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints |
| | Explore | READ | Metric querying with Explore |
| | Shared Groupings with Team | TOGGLE | Whether the user can share a custom Explore Grouping to the team. |
| Identity | CIEM features | READ | Access information related to Cloud Infrastructure Entitlement Management. |
| Identity | CIEM features | EDIT | Modify compromised status of users flagged as Potentially Compromised. |
| Integrations | Helm Renderer | READ | Access Helm-renderer component. During cloud account setup in Secure, the wizard calls the Helm Renderer to generate the Terraform snippet. |
| | Infrastructure | READ | View discovered infrastructure |
| | Monitoring Integrations | READ | Access monitoring integration type or status |
| | Providers | READ | Related to cloud account setups (both Metric Stream and Cost Private Pricing). |
| Policies | Posture Policies | READ | View Posture policies |
| | Posture Controls | READ | View Posture Controls |
| | Zones | READ | View Zones that are assigned to current team |
| Posture | Compliance | READ | Access Compliance results |
| | Risk Acceptance | READ | Access to Posture Risk Acceptance management page |
| | Legacy Benchmark Tasks | EDIT | Create and modify scheduled Legacy benchmark and compliance tasks |
| | Legacy Benchmark Tasks | READ | Access scheduled Legacy benchmark tasks |
| | Legacy Benchmarks | READ | Access Legacy benchmark results |
| | Legacy Compliance | READ | Access Legacy Compliance tasks and reports |
| Risk | Risks | READ | Read Risks |
| Scanning (Legacy) | Image Import | EDIT | Import scanning images |
| | Scanning | READ | Read scan results |
| | Scanning Alerts | READ | Access scanning alerts |
| | Scanning Image Results | CREATE | Create scanning events |
| | Scanning Image Results | READ | List scanning images |
| | Scanning Runtime | EDIT | Query runtime containers API |
| | Scanning Scheduled Reports | READ | View and download existing reports |
| | Scanning Trusted Images | READ | Access the trusted images list |
| | Scanning Untrusted Images | READ | Access the untrusted images list |
| | Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions |
| Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
| | API Access Token | EDIT | Reset users API token in scope of a team |
| | API Access Token | READ | Access users API token in scope of a team |
| | API Access Token | VIEW | View your API token |
| | AWS Settings | READ | Access AWS settings |
| | Cloud Accounts | READ | Access cloud accounts |
| | Global Notification Channels | READ | Access global notification channels |
| | IAC | READ | Access IAC results |
| | Notification Channels | READ | Access notification channels in scope of a team |
| | Service Accounts | READ | Access service accounts in scope of a team |
| | Subscriptions | READ | Access customer subscription details |
| | Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration |
| | Sysdig Storage | READ | View Sysdig storage configuration |
| Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
| | Reporting | READ | View and download scan reports |
| | Policy | READ | View policy details |
| | Risk Acceptance | READ | View Exceptions |
| | Registry Credentials | READ | View registry credentials |
Service Manager
| Category | Item | Permission | Description |
|---|---|---|---|
| Advisor | Kubernetes API | READ | Kubernetes API feature |
| | Live Logs | VIEW | Access Live Logs feature |
| Alerts | Alerts | READ | Access the alerts in scope of a team |
| Captures / Investigate | Captures | READ | Access captures |
| | Captures | VIEW | View captures in the UI |
| | Containment Response Actions | VIEW | View executions of Containment Response Actions |
| | Data Gathering Response Actions | VIEW | View executions of Response Actions that collect Data |
| Data Access Settings | Groupings | EDIT | Create and edit custom groupings |
| | Groupings | READ | Access default and custom groupings |
| | Metrics Data | READ | Access metrics data associated with a time series. |
| | Metrics Descriptors | READ | Access metrics descriptors, which are unique combinations of metrics and labels that create a time series. For example, sysdig_container_cpu_used_percent{host_hostname=foo,region=bar}. |
| Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
| | Policy Events | READ | Access policy events |
| Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
| | Agent Console - Agent Status | READ | Use Agent Console commands which access agent status |
| | Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords |
| | Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints |
| | Explore | READ | Metric querying with Explore |
| | Shared Groupings with Team | TOGGLE | Whether the user can share a custom Explore Grouping to the team. |
| Identity | CIEM features | READ | Access information related to Cloud Infrastructure Entitlement Management. |
| Identity | CIEM features | EDIT | Modify compromised status of users flagged as Potentially Compromised. |
| Integrations | Helm Renderer | READ | Access Helm-renderer component. During cloud account setup in Secure, the wizard calls the Helm Renderer to generate the Terraform snippet. |
| | Infrastructure | READ | View discovered infrastructure |
| | Monitoring Integrations | READ | Access monitoring integration type or status |
| | Providers | READ | Related to cloud account setups (both Metric Stream and Cost Private Pricing). |
| Policies | Posture Policies | READ | View Posture policies |
| | Posture Controls | READ | View Posture Controls |
| | Zones | READ | View Zones that are assigned to current team |
| Posture | Compliance | READ | Access Compliance results |
| | Risk Acceptance | READ | Access to Posture Risk Acceptance management page |
| | Legacy Benchmark Tasks | EDIT | Create and modify scheduled Legacy benchmark and compliance tasks |
| | Legacy Benchmark Tasks | READ | Access scheduled Legacy benchmark tasks |
| | Legacy Benchmarks | READ | Access Legacy benchmark results |
| | Legacy Compliance | READ | Access Legacy Compliance tasks and reports |
| Risk | Risks | READ | Read Risks |
| Scanning (Legacy) | Image Import | EDIT | Import scanning images |
| | Scanning | EXEC | Execute backend scanning |
| | Scanning | READ | Read scan results |
| | Scanning | WRITE | Modify scanning alerts and registry credentials |
| | Scanning Alerts | EDIT | Modify scanning alerts |
| | Scanning Alerts | READ | Access scanning alerts |
| Scanning | Scanning Image Results | CREATE | Create scanning events |
| | Scanning Image Results | READ | List scanning images |
| | Scanning Policy Assignments | READ | Access policy mappings |
| | Scanning Runtime | EDIT | Query runtime containers API |
| | Scanning Scheduled Reports | READ | View and download existing reports |
| | Scanning Trusted Images | READ | Access the trusted images list |
| | Scanning Untrusted Images | READ | Access the untrusted images list |
| | Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions |
| Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
| | API Access Token | EDIT | Reset users API token in scope of a team |
| | API Access Token | READ | Access users API token in scope of a team |
| | API Access Token | VIEW | View your API token |
| | AWS Settings | READ | Access AWS settings |
| | Cloud Accounts | READ | Access cloud accounts |
| | Global Notification Channels | READ | Access global notification channels |
| | IAC | READ | Access IAC results |
| | Notification Channels | EDIT | Modify notification channels in scope of a team |
| | Notification Channels | READ | Access notification channels in scope of a team |
| | Service Accounts | READ | Access service accounts in scope of a team |
| | Subscriptions | READ | Access customer subscription details |
| | Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration |
| | Sysdig Storage | READ | View Sysdig storage configuration |
| | Team Membership | EDIT | Invite other users to the teams |
| | Team Membership | READ | Access team members |
| | Team Membership Roles | EDIT | Modify team members roles |
| | Teams | MANAGE | Modify team settings without the ability to modify team membership for users |
| | Teams | READ | N/A |
| | Users | READ | Access existing users data |
| Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
| | Reporting | READ | View and download scan reports |
| | Reporting | WRITE | Create, modify, and delete reports |
| | Policy | READ | View policy details |
| | Policy | WRITE | Create, edit, and delete policies |
| | Risk Acceptance | READ | View Exceptions |
| | CLI Execution | EXEC | Ability to run CLI Scanner |
| | Scan Now | EXEC | Ability to instantly scan using Scan Now |
| | Registry Credentials | READ | View registry credentials |
| | Registry Credentials | WRITE | Add registry credentials |
| | Registry Scanner | EXEC | Ability to run Registry Scanner |
View Only
| Category | Item | Permission | Description |
|---|---|---|---|
| Advisor | Kubernetes API | READ | Kubernetes API feature |
| | Live Logs | VIEW | Access Live Logs feature |
| Alerts | Alerts | READ | Access the alerts in scope of a team |
| Captures / Investigate | Activity Audit Commands | READ | Access activity audit commands |
| | Captures | READ | Access captures |
| | Captures | VIEW | View captures in the UI |
| | Containment Response Actions | VIEW | View executions of Containment Response Actions |
| | Data Gathering Response Actions | VIEW | View executions of Response Actions that collect Data |
| Data Access Settings | Groupings | EDIT | Create and edit custom groupings |
| | Groupings | READ | Access default and custom groupings |
| | Metrics Data | READ | Access metrics data associated with a time series. |
| | Metrics Descriptors | READ | Access metrics descriptors, which are unique combinations of metrics and labels that create a time series. For example, sysdig_container_cpu_used_percent{host_hostname=foo,region=bar}. |
| Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
| | Policy Events | READ | Access policy events |
| Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
| | Agent Console - Agent Status | READ | Use Agent Console commands which access agent status |
| | Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords |
| | Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints |
| | Explore | READ | Metric querying with Explore |
| Identity | CIEM features | READ | Access information related to Cloud Infrastructure Entitlement Management. |
| Integrations | Helm Renderer | READ | Access Helm-renderer component. During cloud account setup in Secure, the wizard calls the Helm Renderer to generate the Terraform snippet. |
| | Infrastructure | READ | View discovered infrastructure |
| | Monitoring Integrations | READ | Access monitoring integration type or status |
| | Providers | READ | Related to cloud account setups (both Metric Stream and Cost Private Pricing). |
| Network Security | Network Security | READ | Access Kubernetes Network Security policy advisor |
| Policies | Posture Policies | READ | View Posture policies |
| | Posture Controls | READ | View Posture Controls |
| | Zones | READ | View Zones that are assigned to current team |
| | Image profiling | READ | View existing image profiles |
| | Policies | READ | Access policies |
| | Policy Advisor | READ | Read PSP advisor simulations |
| Posture | Compliance | READ | Access Compliance results |
| | Risk Acceptance | READ | Access to Posture Risk Acceptance management page |
| | Legacy Benchmark Tasks | EDIT | Create and modify scheduled Legacy benchmark and compliance tasks |
| | Legacy Benchmark Tasks | READ | Access scheduled Legacy benchmark tasks |
| | Legacy Benchmarks | READ | Access Legacy benchmark results |
| | Legacy Compliance | READ | Access Legacy Compliance tasks and reports |
| Scanning (Legacy) | Scanning | READ | Read scan results |
| | Scanning Alerts | READ | Access scanning alerts |
| | Scanning Image Results | READ | List scanning images |
| | Scanning Policies | READ | Access security policies |
| | Scanning Policy Assignments | READ | Access policy mappings |
| | Scanning Registry Credentials | READ | List container registries |
| | Scanning Runtime | EDIT | Query runtime containers API |
| | Scanning Scheduled Reports | READ | View and download existing reports |
| | Scanning Trusted Images | READ | Access the trusted images list |
| | Scanning Untrusted Images | READ | Access the untrusted images list |
| | Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions |
| Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
| | API Access Token | EDIT | Reset users API token in scope of a team |
| | API Access Token | READ | Access users API token in scope of a team |
| | API Access Token | VIEW | View your API token |
| | AWS Settings | READ | Access AWS settings |
| | Cloud Accounts | READ | Access cloud accounts |
| | Global Notification Channels | READ | Access global notification channels |
| | IAC | READ | Access IAC results |
| | Notification Channels | READ | Access notification channels in scope of a team |
| | Service Accounts | READ | Access service accounts in scope of a team |
| | Subscriptions | READ | Access customer subscription details |
| | Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration |
| Settings | Sysdig Storage | READ | View Sysdig storage configuration |
| Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
| | Reporting | READ | View and download scan reports |
| | Policy | READ | View policy details |
| | Risk Acceptance | READ | View Exceptions |
| | Registry Credentials | READ | View registry credentials |
Team Manager
| Category | Item | Permission | Description |
|---|---|---|---|
| Advisor | Kubernetes API | READ | Kubernetes API feature |
| | Live Logs | VIEW | Access Live Logs feature |
| Alerts | Alerts | EDIT | Modify alerts in scope of a team |
| | Alerts | READ | Access the alerts in scope of a team |
| Captures / Investigate | Activity Audit Commands | READ | Access activity audit commands |
| | Captures | EDIT | Modify captures |
| | Captures | READ | Access captures |
| | Captures | VIEW | View captures in the UI |
| | Containment Response Actions | VIEW | View executions of Containment Response Actions |
| | Containment Response Actions | EXEC | Execute Containment Response Actions |
| | Data Gathering Response Actions | VIEW | View executions of Response Actions that collect Data |
| | Data Gathering Response Actions | EXEC | Execute Response Actions that collect Data |
| | Rapid Response | EXEC | Use rapid response |
| Data Access Settings | Datastream | READ | Access data stream configuration |
| | Groupings | EDIT | Create and edit custom groupings |
| | Groupings | READ | Access default and custom groupings |
| | Metrics Data | READ | Access metrics data associated with a time series. |
| | Metrics Descriptors | READ | Access metrics descriptors, which are unique combinations of metrics and labels that create a time series. For example, sysdig_container_cpu_used_percent{host_hostname=foo,region=bar}. |
| Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
| | Policy Events | READ | Access policy events |
| Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
| | Agent Console - Agent Status | READ | Use Agent Console commands which access agent status |
| | Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords |
| | Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints |
| | Explore | EDIT | N/A |
| | Explore | READ | Metric querying with Explore |
| | Shared Groupings with Team | TOGGLE | Whether the user can share a custom Explore Grouping to the team. |
| Identity | CIEM features | READ | Access information related to Cloud Infrastructure Entitlement Management. |
| Identity | CIEM features | EDIT | Modify compromised status of users flagged as Potentially Compromised. |
| Integrations | Helm Renderer | READ | Access Helm-renderer component. During cloud account setup in Secure, the wizard calls the Helm Renderer to generate the Terraform snippet. |
| | Infrastructure | READ | View discovered infrastructure |
| | Monitoring Integrations | READ | Access monitoring integration type or status |
| | Providers | READ | Related to cloud account setups (both Metric Stream and Cost Private Pricing). |
| Network Security | Network Security | READ | Access Kubernetes Network Security policy advisor |
| Policies | Zones | EDIT | View and Edit All Zones |
| | Posture Policies | EDIT | View and Edit Posture policies |
| | Posture Controls | EDIT | View and Edit Posture Controls |
| | Image profiling | EXEC | Execute image profiling |
| | Image profiling | READ | View existing image profiles |
| | Image profiling | WRITE | Write image profiles |
| | Policies | EDIT | Modify policies |
| | Policies | READ | Access policies |
| | Policy Advisor | EXEC | Execute PSP advisor simulation |
| | Policy Advisor | READ | Read PSP advisor simulations |
| | Policy Advisor | WRITE | Create PSP advisor simulation |
| Posture | Compliance | READ | Access Compliance results |
| | Risk Acceptance | EDIT | Access and modify Posture Risk Acceptance |
| | Open PR | EDIT | Set up Pull Requests from posture remediation panel |
| | Legacy Benchmark Tasks | EDIT | Access, create, and modify scheduled Legacy benchmark and compliance tasks |
| | Legacy Benchmarks | READ | Access Legacy benchmark results |
| | Legacy Compliance | READ | Access Legacy Compliance tasks and reports |
| Risk | Risks | READ | Read Risks |
| Scanning | Image Import | EDIT | Import scanning images |
| | Scanning | EXEC | Execute backend scanning |
| | Scanning | READ | Read scan results |
| | Scanning | WRITE | Modify scanning alerts and registry credentials |
| | Scanning Alerts | EDIT | Modify scanning alerts |
| | Scanning Alerts | READ | Access scanning alerts |
| | Scanning Image Results | CREATE | Create scanning events |
| | Scanning Image Results | READ | List scanning images |
| | Scanning Policies | EDIT | Modify security policies |
| | Scanning Policies | READ | Access security policies |
| | Scanning Policy Assignments | EDIT | Create and modify policy mappings |
| | Scanning Policy Assignments | READ | Access policy mappings |
| | Scanning Registry Credentials | EDIT | Create and modify container registries configuration |
| | Scanning Registry Credentials | READ | List container registries |
| | Scanning Runtime | EDIT | Query runtime containers API |
| | Scanning Scheduled Reports | EDIT | Create and modify reports |
| | Scanning Scheduled Reports | READ | View and download existing reports |
| | Scanning Trusted Images | EDIT | Modify the trusted images list |
| | Scanning Trusted Images | READ | Access the trusted images list |
| | Scanning Untrusted Images | EDIT | Modify the untrusted images list |
| | Scanning Untrusted Images | READ | Access the untrusted images list |
| | Scanning Vulnerability Exceptions | EDIT | Edit vulnerability exceptions |
| | Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions |
| Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
| | API Access Token | EDIT | Reset users API token in scope of a team |
| | API Access Token | READ | Access users API token in scope of a team |
| | API Access Token | VIEW | View your API token |
| | AWS Settings | READ | Access AWS settings |
| | Cloud Accounts | READ | Access cloud accounts |
| | Global Notification Channels | READ | Access global notification channels |
| | IAC | READ | Access IAC results |
| | Notification Channels | EDIT | Modify notification channels in scope of a team |
| | Notification Channels | READ | Access notification channels in scope of a team |
| | Service Accounts | EDIT | Modify service accounts in scope of a team |
| | Service Accounts | READ | Access service accounts in scope of a team |
| | Subscriptions | READ | Access customer subscription details |
| | Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration |
| | Sysdig Storage | READ | View Sysdig storage configuration |
| | Teams | MANAGE | Modify team settings without the ability to modify team membership for users |
| Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
| | Reporting | READ | View and download scan reports |
| | Reporting | WRITE | Create, modify, and delete reports |
| | Policy | READ | View policy details |
| | Policy | WRITE | Create, edit, and delete policies |
| | Risk Acceptance | READ | View Exceptions |
| | Risk Acceptance | WRITE | Create, update, and delete Exceptions |
| | CLI Execution | EXEC | Ability to run CLI Scanner |
| | Scan Now | EXEC | Ability to instantly scan using Scan Now |
| | Registry Credentials | READ | View registry credentials |
| | Registry Credentials | WRITE | Add registry credentials |
| | Registry Scanner | EXEC | Ability to run Registry Scanner |
Advanced User
| Category | Item | Permission | Description |
|---|---|---|---|
| Advisor | Kubernetes API | READ | Kubernetes API feature |
| | Live Logs | VIEW | Access Live Logs feature |
| Alerts | Alerts | EDIT | Modify alerts in scope of a team |
| | Alerts | READ | Access the alerts in scope of a team |
| Captures / Investigate | Activity Audit Commands | READ | Access activity audit commands |
| | Captures | EDIT | Modify captures |
| | Captures | READ | Access captures |
| | Captures | VIEW | View captures in the UI |
| | Containment Response Actions | VIEW | View executions of Containment Response Actions |
| | Containment Response Actions | EXEC | Execute Containment Response Actions |
| | Data Gathering Response Actions | VIEW | View executions of Response Actions that collect Data |
| | Data Gathering Response Actions | EXEC | Execute Response Actions that collect Data |
| | Rapid Response | EXEC | Use rapid response |
| Data Access Settings | Datastream | READ | Access data stream configuration |
| | Groupings | EDIT | Create and edit custom groupings |
| | Groupings | READ | Access default and custom groupings |
| | Metrics Data | READ | Access metrics data associated with a time series. |
| | Metrics Descriptors | READ | Access metrics descriptors, which are unique combinations of metrics and labels that create a time series. For example, sysdig_container_cpu_used_percent{host_hostname=foo,region=bar}. |
| Events | Custom Events | READ | Access the infrastructure and other events created by Sysdig Agent or Sysdig API |
| | Policy Events | READ | Access policy events |
| Explore / Metrics | Agent Console | VIEW | Use Agent Console commands |
| | Agent Console - Agent Status | READ | Use Agent Console commands which access agent status |
| | Agent Console - Configuration | VIEW | Use Agent Console commands to view the configuration of the agent which does not contain sensitive information like passwords |
| | Agent Console - Network Calls | EXEC | Use Agent Console commands which make network calls to remote pods and endpoints |
| | Explore | EDIT | N/A |
| | Explore | READ | Metric querying with Explore |
| | Shared Groupings with Team | TOGGLE | Whether the user can share a custom Explore Grouping to the team. |
| Identity | CIEM features | READ | Access information related to Cloud Infrastructure Entitlement Management. |
| Identity | CIEM features | EDIT | Modify compromised status of users flagged as Potentially Compromised. |
| Integrations | Helm Renderer | READ | Access Helm-renderer component. During cloud account setup in Secure, the wizard calls the Helm Renderer to generate the Terraform snippet. |
| | Infrastructure | READ | View discovered infrastructure |
| | Monitoring Integrations | READ | Access monitoring integration type or status |
| | Providers | READ | Cloud account setups (both Metric Stream and Cost Private Pricing). |
| Network Security | Network Security | READ | Access Kubernetes Network Security policy advisor |
| Policies | Zones | EDIT | View and Edit All Zones |
| | Posture Policies | EDIT | View and Edit Posture policies |
| | Posture Controls | EDIT | View and Edit Posture Controls |
| | Image profiling | EXEC | Execute image profiling |
| | Image profiling | READ | View existing image profiles |
| | Image profiling | WRITE | Write image profiles |
| | Policies | EDIT | Modify policies |
| | Policies | READ | Access policies |
| | Policy Advisor | EXEC | Execute PSP advisor simulation |
| | Policy Advisor | READ | Read PSP advisor simulations |
| | Policy Advisor | WRITE | Create PSP advisor simulation |
| | Compliance | READ | Access Compliance results |
| | Risk Acceptance | EDIT | Access and modify Posture Risk Acceptance |
| Posture | Open PR | EDIT | Set up Pull Requests from posture remediation panel |
| | Legacy Benchmark Tasks | EDIT | Access, create, and modify scheduled Legacy benchmark and compliance tasks |
| | Legacy Benchmarks | READ | Access Legacy benchmark results |
| | Legacy Compliance | READ | Access Legacy Compliance tasks and reports |
| Risk | Risks | READ | Read Risks |
| Scanning (Legacy) | Image Import | EDIT | Import scanning images |
| | Scanning | EXEC | Execute backend scanning |
| | Scanning | READ | Read scan results |
| | Scanning | WRITE | Modify scanning alerts and registry credentials |
| | Scanning Alerts | EDIT | Modify scanning alerts |
| | Scanning Alerts | READ | Access scanning alerts |
| | Scanning Image Results | CREATE | Create scanning events |
| | Scanning Image Results | READ | List scanning images |
| | Scanning Policies | EDIT | Modify security policies |
| | Scanning Policies | READ | Access security policies |
| | Scanning Policy Assignments | EDIT | Create and modify policy mappings |
| | Scanning Policy Assignments | READ | Access policy mappings |
| | Scanning Registry Credentials | EDIT | Create and modify container registries configuration |
| | Scanning Registry Credentials | READ | List container registries |
| | Scanning Runtime | EDIT | Query runtime containers API |
| | Scanning Scheduled Reports | EDIT | Create and modify reports |
| | Scanning Scheduled Reports | READ | View and download existing reports |
| | Scanning Trusted Images | EDIT | Modify the trusted images list |
| | Scanning Trusted Images | READ | Access the trusted images list |
| | Scanning Untrusted Images | EDIT | Modify the untrusted images list |
| | Scanning Untrusted Images | READ | Access the untrusted images list |
| | Scanning Vulnerability Exceptions | EDIT | Edit vulnerability exceptions |
| | Scanning Vulnerability Exceptions | READ | Access vulnerability exceptions |
| Settings | Agent Installation | READ | Get agent access key (required for agent installation) |
| | API Access Token | EDIT | Reset users API token in scope of a team |
| | API Access Token | READ | Access users API token in scope of a team |
| | API Access Token | VIEW | View your API token |
| | AWS Settings | READ | Access AWS settings |
| | Cloud Accounts | READ | Access cloud accounts |
| | Global Notification Channels | READ | Access global notification channels |
| | IAC | READ | Access IAC results |
| | Notification Channels | EDIT | Modify notification channels in scope of a team |
| | Notification Channels | READ | Access notification channels in scope of a team |
| | Service Accounts | READ | Access service accounts in scope of a team |
| | Subscriptions | READ | Access customer subscription details |
| | Sysdig Secure Settings | EDIT | Modify Sysdig Secure configuration |
| | Sysdig Storage | READ | View Sysdig storage configuration |
| Vulnerability Management | Scan Results | READ | View scan results on the Pipeline, Runtime, and Registry UI. Retrieve SBOM results from the SBOM API. |
| | Reporting | READ | View and download scan reports |
| | Reporting | WRITE | Create, modify, and delete reports |
| | Policy | READ | View policy details |
| | Policy | WRITE | Create, edit, and delete policies |
| | Risk Acceptance | READ | View Exceptions |
| | Risk Acceptance | WRITE | Create, update, and delete Exceptions |
| | CLI Execution | EXEC | Ability to run CLI Scanner |
| | Scan Now | EXEC | Ability to instantly scan using Scan Now |
| | Registry Credentials | READ | View registry credentials |
| | Registry Credentials | WRITE | Add registry credentials |
| Registry Scanner |