VulnProScan by Dynamgenix IT Corp


Role-based access control

Vuln Pro Scan applies least privilege: users only receive the permissions needed for their job. High-impact actions use separation of duties so a single account cannot both request sensitive authorization and launch privileged real-world testing unless your organization explicitly assigns roles that way across different people (recommended).

Authenticated access

Product features require sign-in. The platform does not expose privileged workflows to anonymous visitors. Sessions use secure cookies; after administrators change role allowlists in server configuration, affected users must sign out and sign in again so their role syncs from the database.

Permissions, not ad-hoc checks

Authorization is evaluated as permissions (e.g. request a launch code, validate a code, launch a real test, read audit exports) granted to roles. API routes always re-check permissions server-side — the UI never replaces backend enforcement.

  • Default deny — if a permission is not explicitly granted to your role, the action is blocked.
  • Horizontal scope — you can only access data for your organization (and approved targets); this is enforced by the server and execution service.
  • No silent bypass — if privileged services or role mappings are not configured, flows fail safely with a clear message.

Roles used today (real penetration testing)

Administrative assignment uses server configuration (e.g. comma-separated email lists). Do not put privileged emails in client-side configuration. The product does not auto-upgrade users to privileged roles.

USER
Standard access: eligible plans, organization-scoped scans, findings, and reports you are entitled to. Cannot request authorization codes or launch real penetration tests in the privileged workflow.
SECURITY_OPERATOR
May request one-time authorization codes and validate codes (dry run) when preparing a launch. Cannot launch real penetration tests — that is reserved for Pen Test Admins (separation of duties).
PEN_TEST_ADMIN
May validate codes and launch real penetration tests against registered, approved targets in your organization. Cannot request new authorization codes; they must come from a Security Operator. May access audit exports where enabled.
ORG_ADMIN / OWNER (roadmap)
Broader organization management (members, targets, settings) may be introduced as a separate role without granting penetration test launch rights by default.
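
The model described above (permissions granted to roles, default deny, organization scope, fail-safe when role mappings are missing), sketched as a server-side check. This is an added example, not Vuln Pro Scan's own code: the permission strings, `Principal`, `Target`, `authorize`, `decision` and `sod_violations` are hypothetical names, and the grants are read off the role descriptions on this page.

```python
from dataclasses import dataclass

# Hypothetical permission labels for the actions this page lists.
REQUEST_CODE, VALIDATE_CODE, LAUNCH_TEST, READ_AUDIT = (
    "code:request", "code:validate", "test:launch", "audit:read")

# Grants per role, taken from the role descriptions; anything absent is denied.
ROLE_GRANTS = {
    "USER": frozenset(),
    "SECURITY_OPERATOR": frozenset({REQUEST_CODE, VALIDATE_CODE}),
    "PEN_TEST_ADMIN": frozenset({VALIDATE_CODE, LAUNCH_TEST, READ_AUDIT}),
}

@dataclass(frozen=True)
class Principal:  # built from the server-side session, never from client input
    org_id: str
    role: str

@dataclass(frozen=True)
class Target:
    org_id: str
    approved: bool

class Denied(Exception):
    """Carries a clear reason; an API layer would map it to HTTP 403."""

def authorize(user, permission, target=None, grants=ROLE_GRANTS):
    """Run on every API request, regardless of what the UI displayed."""
    if not grants:
        raise Denied("role mappings are not configured")  # no silent bypass
    if permission not in grants.get(user.role, frozenset()):
        raise Denied(f"{user.role} is not granted {permission}")  # default deny
    if target is not None and target.org_id != user.org_id:
        raise Denied("target belongs to another organization")  # horizontal scope
    if permission == LAUNCH_TEST and (target is None or not target.approved):
        raise Denied("launch requires a registered, approved target")

def decision(user, permission, target=None, grants=ROLE_GRANTS):
    """Return 'allow' or the denial reason, suitable for an audit log line."""
    try:
        authorize(user, permission, target, grants)
        return "allow"
    except Denied as exc:
        return f"deny: {exc}"

def sod_violations(grants=ROLE_GRANTS):
    """Roles able to both request a code and launch a test (should be empty)."""
    return sorted(r for r, p in grants.items() if {REQUEST_CODE, LAUNCH_TEST} <= p)
```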

Targets and exports

Real penetration tests may only run against registered targets that meet approval rules. Exports and sensitive artifacts require appropriate entitlements and server-side checks — other organizations’ data is never returned because of UI hiding alone.

For the privileged launch UI (after sign-in), see Launch authorized real penetration test. For coverage of security checks in scanning, see Scan coverage.