Application Security - Policy Management permissions ↗
Configure AppSec Rules and Policies.
This section describes how to configure Application Security Policy Management (rules and policies) permissions.
AppSec RulesAppSec Rules are individual security detection rules that define what security issues to detect in code, IaC templates, packages, and CI/CD configurations. Each rule has a severity, category, and detection logic. Rules are the building blocks of AppSec Policies. To access AppSec Rules, go to → → → .
For more information, see Application Security Rules.
Permission | Description | Roles Example |
|---|---|---|
None | No access to AppSec Rules. | SOC Tier-1 and 2 Analysts: Rule configuration is outside the scope of case investigation. |
View | Read-only access to AppSec Rules. Users can browse, filter, and view rule details, including detection logic and severity. They cannot create, edit, enable/disable, or delete rules. |
|
View/Edit | Full access to manage AppSec Rules. Includes all View capabilities plus: create new rules via the Rules Wizard, edit existing rules, enable/disable rules, delete rules, and clone rules. Also grants access to the Rules Wizard steps (Code/Logic and Details). | Security Engineer: Creates custom detection rules, tunes built-in rules, and manages rule severity. |
AppSec policies are collections of rules with configurable actions (detect or prevent). Policies define the enforcement behavior, whether findings should be reported only (detect) or should block PRs/CI-CD pipelines (prevent). Policies can be scoped to specific assets/repositories and configured with triggers and actions. They are the primary mechanism for enforcing security guardrails in the development lifecycle. To access AppSec Policies, go to → → → .
For more information, see Application Security policies.
Permission | Description | Roles Example |
|---|---|---|
None | No access to AppSec Policies. | SOC Tier-1 and 2 Analysts: Rule configuration is outside the scope of case investigation. |
View | Read-only access to AppSec Policies. Users can browse, filter, and view policy details, including conditions, scope, and actions. They cannot create, edit, enable/disable, or delete policies. |
|
View/Edit | Full access to manage AppSec Policies. Includes all View capabilities plus: create new policies via the Policies Wizard, edit existing policies, enable/disable policies, delete policies, and clone policies. Also grants access to all Policies Wizard steps (General, Conditions, Scope, Triggers & Actions, Summary). | Security Engineer: Creates and manages security policies, configures detection/prevention actions, and guardrails. |