Application Security - Policy Management permissions

Abstract

Configure AppSec Rules and Policies.

This section describes how to configure Application Security Policy Management (rules and policies) permissions.

AppSec Rules

AppSec Rules are individual security detection rules that define what security issues to detect in code, IaC templates, packages, and CI/CD configurations. Each rule has a severity, category, and detection logic. Rules are the building blocks of AppSec Policies. To access AppSec Rules, go to ModulesApplication SecurityPolicy ManagementAppSec Rules.

For more information, see Application Security Rules.

Permission

Description

Roles Example

None

No access to AppSec Rules.

SOC Tier-1 and 2 Analysts: Rule configuration is outside the scope of case investigation.

View

Read-only access to AppSec Rules. Users can browse, filter, and view rule details, including detection logic and severity. They cannot create, edit, enable/disable, or delete rules.

  • SOC Tier-3 Analyst: May need to review detection rules to understand why specific findings were generated.

  • Threat Hunter: Reviews detection rules to understand coverage and identify detection gaps.

View/Edit

Full access to manage AppSec Rules. Includes all View capabilities plus: create new rules via the Rules Wizard, edit existing rules, enable/disable rules, delete rules, and clone rules. Also grants access to the Rules Wizard steps (Code/Logic and Details).

Security Engineer: Creates custom detection rules, tunes built-in rules, and manages rule severity.

AppSec Policies

AppSec policies are collections of rules with configurable actions (detect or prevent). Policies define the enforcement behavior, whether findings should be reported only (detect) or should block PRs/CI-CD pipelines (prevent). Policies can be scoped to specific assets/repositories and configured with triggers and actions. They are the primary mechanism for enforcing security guardrails in the development lifecycle. To access AppSec Policies, go to ModulesApplication SecurityPolicy ManagementAppSec Policies.

For more information, see Application Security policies.

Permission

Description

Roles Example

None

No access to AppSec Policies.

SOC Tier-1 and 2 Analysts: Rule configuration is outside the scope of case investigation.

View

Read-only access to AppSec Policies. Users can browse, filter, and view policy details, including conditions, scope, and actions. They cannot create, edit, enable/disable, or delete policies.

  • SOC Tier-3 Analyst: May need to review policies to understand enforcement behavior during investigations.

  • Threat Hunter: Reviews policies to understand what is being enforced and identify policy gaps

View/Edit

Full access to manage AppSec Policies. Includes all View capabilities plus: create new policies via the Policies Wizard, edit existing policies, enable/disable policies, delete policies, and clone policies. Also grants access to all Policies Wizard steps (General, Conditions, Scope, Triggers & Actions, Summary).

Security Engineer: Creates and manages security policies, configures detection/prevention actions, and guardrails.