
How to configure RBAC for Application Roles


Visit Application


Configure RBAC

  • Click Set Up User Access

  • Enter the Credential Name, select the Credential Method, and enter the required values

  • Click Save Credentials to create the authentication

  • You will be prompted to enter a "Role Name" for the authentication that you have just created. Enter the role name and click Next to go to the next step.

  • Click Next

  • Select the role by checking the checkbox for the corresponding role under the Include In Access Test column

  • Click Run Access Checks to discover permissions for the selected role

  • Review the discovered permissions and make changes where necessary

  • Click Save Access Mapping to confirm that this configuration is included when the subsequent scan tests the RBAC coverage categories

  • Select the Role and click Save Selection

  • Confirm that the RBAC pill is displayed in green in the App Model section, indicating that RBAC has been successfully configured.

Edit User Access

Edit User Access lets you modify the roles assigned to existing credentials within RBAC (Role-Based Access Control) and check the access permissions for the updated role.

  • Open your browser and visit: https://<your-tenant>.apisecapps.com

  • Click on Application

  • On the Application details page, click RBAC in the left navigation

  • Click Edit User Access

  • You can add new roles, delete existing roles, or update user roles. To update an existing user role, first delete the current user role.

  • Update the user role and click Next

  • Select the Include in Access Test checkbox and click Run Access Checks

  • Check the updated user role

  • Click Save Access Mapping

  • Select the role and click Save Selection

Re-Run Access Checks

Re-Run Access Checks lets you re-test the access permissions of the selected role.

  • Open your browser and visit: https://<your-tenant>.apisecapps.com

  • Click on Application

  • On the Application details page, click RBAC in the left navigation

  • Click Re-Run Access Checks

  • Re-check the permissions for the selected user role.

Re-Test Permissions

Re-Test Permissions lets you re-test the selected endpoint.

  • Open your browser and visit: https://<your-tenant>.apisecapps.com

  • Click on Application

  • On the Application details page, click RBAC in the left navigation

  • Disable the Consolidated View

  • Click the options menu of the endpoint and select Retest Permissions to re-test the permissions for the selected endpoint.

RBAC Map

The RBAC (Role-Based Access Control) Map helps you quickly verify which API endpoints are accessible for a selected role or roles.

  • Download RBAC Map

    • Open your browser and visit: https://<your-tenant>.apisecapps.com

    • Click on Application

    • On the Application details page, click RBAC in the left navigation

    • Click RBAC Map → Download RBAC Map. You can edit and update this CSV file and upload it to quickly verify role-based access permissions.

  • Upload RBAC Map

    • Open your browser and visit: https://<your-tenant>.apisecapps.com

    • Click on Application

    • On the Application details page, click RBAC in the left navigation

    • Click RBAC Map → Upload RBAC Map to upload the edited CSV file

    • Click Browse files and select the RBAC Map

    • Click Upload File

    • Verify and confirm the Access Permissions for each endpoint

  • Upload RBAC Map During Configuration

    You can also configure RBAC in a new application using an RBAC Map CSV file.

    • Open your browser and visit: https://<your-tenant>.apisecapps.com

    • Click on Application

    • On the Application details page, click RBAC in the left navigation

    • Click Set Up User Access

    • Enter the Credential Name, select the Credential Method, and enter the required values

    • Click Save Credentials to create the authentication

    • You will be prompted to enter a "Role Name" for the authentication that you have just created. Enter the role name.

    • Click Next

    • Select the role by checking the checkbox for the corresponding role under the Include In Access Test column

    • Click Upload RBAC Map

    • Click Browse files and select the RBAC Map

    • Click Upload File

    • Verify and confirm the Access Permissions for each endpoint
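The RBAC Map is a per-endpoint, per-role statement of who should be allowed in. The check it enables is a comparison of that expected matrix against what the access checks actually observed: a role reaching an endpoint it should be denied is the finding that matters. The following is an added example, not APIsec's code and not the product's CSV format; the column names (method, path, role, expected), the status-code interpretation and the sample map and results are all assumptions constructed for the example.

```python
"""
Added example (not APIsec's code): compare observed access-check results
against an RBAC map. The CSV columns, the interpretation of HTTP status
codes and all sample data are assumptions constructed for this example.
"""
import csv
import io
from dataclasses import dataclass

# Constructed sample RBAC map: one row per (endpoint, role); "expected" says
# whether the role should be able to call the endpoint.
RBAC_MAP_CSV = """\
method,path,role,expected
GET,/api/orders,customer,allowed
GET,/api/orders,admin,allowed
POST,/api/orders,customer,allowed
DELETE,/api/orders/{id},customer,denied
DELETE,/api/orders/{id},admin,allowed
GET,/api/admin/users,customer,denied
GET,/api/admin/users,admin,allowed
"""

# Constructed sample access-check results: (method, path, role) -> HTTP status
# returned when that role's credentials called the endpoint.
OBSERVED = {
    ("GET", "/api/orders", "customer"): 200,
    ("GET", "/api/orders", "admin"): 200,
    ("DELETE", "/api/orders/{id}", "customer"): 403,
    ("DELETE", "/api/orders/{id}", "admin"): 403,   # admin wrongly blocked
    ("GET", "/api/admin/users", "customer"): 200,   # customer wrongly admitted
    ("GET", "/api/admin/users", "admin"): 200,
}


@dataclass(frozen=True)
class Finding:
    method: str
    path: str
    role: str
    expected: str
    observed: int
    kind: str  # "excess_access" (security issue) or "missing_access" (functional issue)


def parse_rbac_map(text):
    """Parse the assumed CSV layout, rejecting anything but allowed/denied."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        expected = row["expected"].strip().lower()
        if expected not in ("allowed", "denied"):
            raise ValueError(
                f"bad expected value {row['expected']!r} for {row['method']} {row['path']}")
        rows.append((row["method"].strip().upper(), row["path"].strip(),
                     row["role"].strip(), expected))
    return rows


def status_means_allowed(status):
    # Only an explicit 401/403 counts as denied. Any other status (including a
    # 404 on a route that exists) is treated as access and should be reviewed.
    return status not in (401, 403)


def compare(rbac_map, observed):
    """Return (findings, untested) for every row of the map."""
    findings, untested = [], []
    for method, path, role, expected in rbac_map:
        key = (method, path, role)
        if key not in observed:
            untested.append(key)
            continue
        status = observed[key]
        allowed = status_means_allowed(status)
        if expected == "denied" and allowed:
            findings.append(Finding(method, path, role, expected, status, "excess_access"))
        elif expected == "allowed" and not allowed:
            findings.append(Finding(method, path, role, expected, status, "missing_access"))
    return findings, untested


def summarize(findings, untested):
    """Human-readable report lines, excess access first."""
    ordered = sorted(findings, key=lambda f: f.kind != "excess_access")
    lines = [f"[{f.kind}] {f.role} -> {f.method} {f.path}: expected {f.expected}, got {f.observed}"
             for f in ordered]
    lines += [f"[untested] {r} -> {m} {p}" for m, p, r in untested]
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(*compare(parse_rbac_map(RBAC_MAP_CSV), OBSERVED))))
```

Excess access is the finding to treat as a vulnerability; missing access is a functional regression; an untested row means the map has a row the access checks never exercised, which is worth knowing before trusting the coverage.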

Viewing RBAC endpoint logs

To check logs for each endpoint, switch off Consolidated View.

  • Open your browser and visit: https://<your-tenant>.apisecapps.com

  • Click on Application

  • On the Application details page, click RBAC in the left navigation

  • Switch off Consolidated View

  • Check Logs

    note

    These logs are only visible after running access checks.

Skip Endpoints for RBAC

If you manage APIs with session-sensitive endpoints such as logout, token revocation, or session invalidation, those endpoints can interrupt active sessions if they are executed during RBAC testing.

You can now exclude these endpoints from RBAC access checks to avoid unintended session termination.

By skipping session-sensitive endpoints, RBAC testing:

  • Keeps your session active during the entire test run
  • Delivers accurate and trustworthy RBAC results
  • Avoids false access failures caused by session invalidation
  • Saves time by reducing repeated tests and manual troubleshooting
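The failure mode above is easy to reproduce: once an access check calls a logout or revoke endpoint, the role's token is dead and every later check returns 401, which reads as a denial but says nothing about authorization. The following added example (not APIsec's code) simulates that run with and without a skip list. The endpoint inventory, the path patterns used to flag session-sensitive endpoints and the fake session are all constructed assumptions for the example.

```python
"""
Added example (not APIsec's code): why session-sensitive endpoints are skipped
during RBAC access checks. Endpoint list, skip patterns and the session
model are constructed for this example.
"""
import re

# Constructed endpoint inventory of a hypothetical API, in the order the
# access checks would call them.
ENDPOINTS = [
    ("GET", "/api/profile"),
    ("POST", "/api/auth/logout"),
    ("GET", "/api/orders"),
    ("POST", "/api/auth/token/revoke"),
    ("DELETE", "/api/orders/1"),
]

# Assumed path patterns that mark an endpoint as session-sensitive.
SESSION_SENSITIVE = re.compile(r"/(logout|revoke|invalidate|signout)\b", re.IGNORECASE)


def select_skipped(endpoints, pattern=SESSION_SENSITIVE):
    """Split the inventory into (to_test, skipped) by path pattern."""
    skipped = [ep for ep in endpoints if pattern.search(ep[1])]
    to_test = [ep for ep in endpoints if ep not in skipped]
    return to_test, skipped


class FakeSession:
    """Minimal stand-in for a role's authenticated session (constructed)."""

    def __init__(self):
        self.valid = True

    def call(self, method, path):
        if not self.valid:
            return 401              # token already invalidated by an earlier call
        if SESSION_SENSITIVE.search(path):
            self.valid = False      # logout/revoke kills the session
            return 204
        return 200                  # the role is allowed in for this example


def run_access_checks(endpoints, skip_session_sensitive):
    """Call each endpoint with one session; return {"METHOD /path": status}."""
    session = FakeSession()
    if skip_session_sensitive:
        endpoints, _ = select_skipped(endpoints)
    return {f"{m} {p}": session.call(m, p) for m, p in endpoints}


if __name__ == "__main__":
    print("without skip list:", run_access_checks(ENDPOINTS, False))
    print("with skip list:   ", run_access_checks(ENDPOINTS, True))
```

Without the skip list, GET /api/orders and everything after it come back 401 purely because the logout call preceded them; with the skip list, the same session survives the whole run and the results reflect authorization rather than session state. The skipped endpoints still need their own coverage, just not inside a shared-session access check.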

To Skip Endpoints

  • Open your browser and visit: https://<your-tenant>.apisecapps.com

  • Click on Application

  • On the Application details page, click RBAC in the left navigation

  • Click Skip Endpoints

  • Click Select Endpoints to Skip

  • Select the endpoints and click Skip Selected Endpoints

  • View the Skipped Endpoints list

Restore Skipped Endpoints

To restore skipped endpoints:

  • Open your browser and visit: https://<your-tenant>.apisecapps.com

  • Click on Application

  • On the Application details page, click RBAC in the left navigation

  • Click Skip Endpoints

  • View the Skipped Endpoints list

  • Select the endpoints to restore and click Restore Selected Endpoints

  • The restored endpoints are available for RBAC access checks again.