Managing users and roles
Accounts enable you to manage access to Semgrep resources, such as scans and findings, with varying levels of collaboration and visibility.
Semgrep App has two types of accounts:
- Personal account: Every person who signs into Semgrep App is first signed in to a personal account. In a personal account, your findings, projects, private rules, and scans are visible only to you.
- Organization account: To collaborate with others, create an organization account. An organization account in Semgrep App requires an existing organization from your source code management (SCM) tool. Creating this type of account integrates Semgrep App into your organization. A user can be part of many Semgrep App organization accounts, provided that they are a member of that organization in their SCM.
Users from the same organization can sign into Semgrep App with their SCM's credentials and are automatically added to the organization account. Semgrep App can also detect the organization's repositories available for scanning.
In organization accounts, collaborators can collectively manage Semgrep App. By default, users can:
- Add projects to scan.
- View and triage findings.
- Determine what rules to run and set up actions that Semgrep App will perform.
- Manage tokens and other settings.
- View an organization's private rules.
Semgrep App can restrict features based on user roles. See Controlling access through roles.
By creating an organization account, teams can collaborate on rule writing and the management of repositories. Teams with organization accounts can enforce organization-wide standards and secure their repositories at scale.
Controlling access through roles
Access control in Semgrep App determines the resources and features that are available to users based on their role. This role-based access control (RBAC) feature is available for organizations on Team/Enterprise tiers.
Setting up RBAC
Semgrep App divides users into two roles:
Users in organizations without RBAC enabled are assigned an admin role by default.
Community-tier (Free) users are assigned an admin role by default.
The following table displays features available to each role:
|Rule Board (Policies)||no||yes||Only |
To enable RBAC, please contact r2c at firstname.lastname@example.org.
Upon enabling RBAC for the first time, current members of the organization are admins. New members added thereafter are automatically
Changing a user's role
- You must be an admin to perform this operation.
- You may need to log out and log back in after enabling RBAC for your organization.
To change a user's role:
- On Semgrep App's sidebar, click Settings.
- Click on the Members tab.
- Search for the member whose role will be changed.
- Click on the member's current role, under the role header. A drop-down box appears.
- Select the new role for the member.
You cannot change your own role.