How to configure RBAC for Application Roles
Navigate to URL
Open your browser and visit: https://<your-tenant>.apisecapps.com
Visit the application.
- Click on "See more" to open the application

- On the Application details page, click the "Configure RBAC" item on the App Model timeline

Configure RBAC
- Click the "Add Authentication" button, enter the "Auth details" and click the "Save Credentials" button to create an authentication. Use a dedicated test account for each role rather than a real user's credentials: these credentials are used to exercise the API as that role during discovery and scanning.

- You will be prompted to enter a "Role Name" for the authentication that you have just created. Enter the role name and click Next to go to the next step.

- Enable the role created for RBAC by checking the checkbox for the corresponding role under the "Include for RBAC" column

- Click the "Discover RBAC Permissions" button to discover permissions for the created role

- Review the discovered permissions and correct them where necessary, then click the "Start RBAC" button to confirm that the configuration will be included when the next scan tests the RBAC coverage categories. Review this step carefully: a permission that discovery observed as allowed but that should be denied must be changed here, otherwise the scan will treat the over-permissive behaviour as expected.

- After successful configuration, you should be redirected back to the application details page where the "RBAC Configured" timeline item should be checked

Edit User Access
Edit User Access lets you modify the role assigned to an existing credential within the RBAC (Role-Based Access Control) configuration and check the access permissions for the updated role.
- Click on "See more" to open the application

- Click "RBAC Configuration in Progress" in the App Model

- Click "Edit User Access"

- You can add new roles, delete existing roles, or update user roles. To update an existing user role, first delete the current user role.

- Update the user role and click Next

- Check the "Include in Access Test" checkbox and click "Run Access Checks"

- Verify the updated user role

Re-Run Access Checks
Re-Run Access Checks lets you re-test the access permissions of the selected role.
- Click on "See more" to open the application

- Click "RBAC Configuration in Progress" in the App Model

- Click "Re-Run Access Checks"

- Re-check the permissions for the selected user role

Re-Test Permissions
Re-Test Permissions lets you re-test a selected endpoint.
- Click on "See more" to open the application

- Click "RBAC Configuration in Progress" in the App Model

- Disable the Consolidated View

- Open the options menu for the endpoint and select "Retest Permissions" to re-test the permissions for that endpoint

RBAC Map
The RBAC (Role-Based Access Control) Map helps you quickly verify which API endpoints are accessible for a selected role or roles.
Download RBAC Map
- Click on "See more" to open the application

- Click "RBAC Configuration in Progress" in the App Model

- Click RBAC Map → Download RBAC Map. You can edit and update this CSV file and upload it to quickly verify role-based access permissions.

Upload RBAC Map
- Click on "See more" to open the application

- Click "RBAC Configuration in Progress" in the App Model

- Click RBAC Map → Upload RBAC Map

- Click "Browse files" and select the RBAC Map

- Click "Upload File"

- Verify and confirm the access permissions for each endpoint
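As an added example (not APIsec's own code; this page does not document the CSV schema), the following Python script assumes an RBAC Map with an endpoint column, a method column and one allow/deny column per role. It parses a constructed sample in that assumed layout, diffs a downloaded map against the edited copy so every change can be reviewed before upload, and flags endpoints where a less-privileged role is allowed while a more-privileged role is denied, which usually indicates a mis-edited cell or a broken authorization check. Column names, the allow/deny vocabulary and the sample data are all assumptions.

```python
import csv
import io

# Constructed sample in the assumed layout (not a real APIsec export):
# endpoint, method, then one allow/deny column per role.
DOWNLOADED_MAP = """endpoint,method,admin,user,guest
/api/users,GET,allow,deny,deny
/api/users/{id},DELETE,allow,allow,deny
/api/orders,GET,allow,allow,deny
/api/admin/settings,PUT,allow,deny,allow
"""

# The same map after manual editing, as it would be uploaded.
EDITED_MAP = """endpoint,method,admin,user,guest
/api/users,GET,allow,deny,deny
/api/users/{id},DELETE,allow,deny,deny
/api/orders,GET,allow,allow,deny
/api/admin/settings,PUT,allow,deny,deny
"""

FIXED_COLUMNS = ("endpoint", "method")  # assumed non-role columns


def parse_rbac_map(text):
    """Return (roles, access) where access maps (endpoint, METHOD) -> {role: allowed?}.

    Rejects missing columns, duplicate endpoint/method rows and values other
    than allow/deny, so a mis-edited file fails here rather than at upload.
    """
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames is None or any(c not in reader.fieldnames for c in FIXED_COLUMNS):
        raise ValueError("RBAC map must have endpoint and method columns")
    roles = [c for c in reader.fieldnames if c not in FIXED_COLUMNS]
    access = {}
    for lineno, row in enumerate(reader, start=2):  # line 1 is the header
        key = (row["endpoint"].strip(), row["method"].strip().upper())
        if key in access:
            raise ValueError(f"line {lineno}: duplicate entry for {key}")
        perms = {}
        for role in roles:
            value = (row[role] or "").strip().lower()
            if value not in ("allow", "deny"):
                raise ValueError(f"line {lineno}: {role} must be allow/deny, got {value!r}")
            perms[role] = value == "allow"
        access[key] = perms
    return roles, access


def diff_rbac_maps(before, after):
    """List every cell that differs between two maps as
    (endpoint, method, role, old_allowed, new_allowed), for review before upload."""
    roles_before, acc_before = parse_rbac_map(before)
    roles_after, acc_after = parse_rbac_map(after)
    if roles_before != roles_after:
        raise ValueError("role columns differ between the two maps")
    changes = []
    for key in sorted(set(acc_before) | set(acc_after)):
        for role in roles_before:
            old = acc_before.get(key, {}).get(role)
            new = acc_after.get(key, {}).get(role)
            if old != new:
                changes.append((key[0], key[1], role, old, new))
    return changes


def find_hierarchy_violations(text, hierarchy):
    """hierarchy lists roles from least to most privileged.
    Flag (endpoint, method, low_role, high_role) wherever the lower role is
    allowed but the higher role is denied on the same endpoint."""
    roles, access = parse_rbac_map(text)
    missing = [r for r in hierarchy if r not in roles]
    if missing:
        raise ValueError(f"roles not present in map: {missing}")
    violations = []
    for (endpoint, method), perms in sorted(access.items()):
        for i, low in enumerate(hierarchy):
            if not perms[low]:
                continue
            for high in hierarchy[i + 1:]:
                if not perms[high]:
                    violations.append((endpoint, method, low, high))
    return violations


if __name__ == "__main__":
    for v in find_hierarchy_violations(DOWNLOADED_MAP, ["guest", "user", "admin"]):
        print("suspicious:", v)
    for c in diff_rbac_maps(DOWNLOADED_MAP, EDITED_MAP):
        print("changed:", c)
```

Run the hierarchy check on the downloaded map first to spot cells worth questioning, edit the CSV, then run the diff against the original so the upload contains only the changes you intended.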

Upload RBAC Map During Configuration
You can also configure RBAC for a new application using an RBAC Map CSV file.
- Click on "See more" to open the application

- On the Application details page, click "Configure RBAC" on the App Model timeline

- Click "Set Up User Access", enter the details and click "Save Credentials" to create an authentication

- You will be prompted to enter a "Role Name" for the authentication that you have just created. Enter the role name and click Next to go to the next step.

- Enable the role created for RBAC by checking the checkbox for the corresponding role under the "Include for RBAC" column

- Click "Upload RBAC Map"

- Click "Browse files" and select the RBAC Map

- Click "Upload File"

- Verify and confirm the access permissions for each endpoint
Viewing RBAC endpoint logs
To check the logs for each endpoint, switch off Consolidated View.
- Switch off Consolidated View

- Check the logs

Note: These logs are only visible after running access checks.