Authorization for clients
Last updated: Mar 24, 2026
Our platform has a set of necessary roles for every hacking project.
Once the client decides which members of their team should be project managers, Fluid Attacks assigns them the role, providing them with the ability to give the minimum required permissions to other members of their team.
To protect each group's information, namely its source code and its vulnerabilities, authorization is based on the Role-Based Access Control (RBAC) model, which grants access to data through roles and the division of projects (Groups).
People with the User Manager and Customer Manager roles can define which team members have access to the different groups and which roles they hold. Roles can be divided into three levels:
- Role at the Organization level
- Role at the Group level
Remember that all users of the platform can execute the actions granted to them according to their role.
Requirements
- 035. Manage privilege modifications
- 095. Define users with privileges
- 096. Set user's required privileges
- 186. Use the principle of least privilege
Other secure authorization measures
Access revocation
Fluid Attacks follows an access revocation protocol when employees go on leave, take vacation, or leave the company.
Employee termination
The Fluid Attacks secure employee termination protocol covers key aspects of employee termination, including logical access revocation and hardware return.