Authorization for clients

Last updated: Mar 5, 2026

Our platform  has a set of necessary roles  for every hacking project.

Once the client decides which members of their team should be project managers, Fluid Attacks assigns them the role, providing them with the ability to give  the minimum required permissions  to other members of their team.

To protect the information of each group, which is the source code and its vulnerabilities, authorization is based on the Role-Based Access Control (RBAC)  model, which will give access to the data through roles and division of the projects (Groups).

The people with the roles User Manager and Customer Manager can define which team members will have access to the different groups and roles. These can be divided into three levels:

• Role at the Organization level
• Role at the Group level

Remember that all users using the platform  can execute actions given according to each role .

Requirements

• 035. Manage privilege modifications 
• 095. Define users with privileges 
• 096. Set user’s required privileges 
• 186. Use the principle of least privilege 

Other secure authorization measures

• Access revocation 
• Authorization for Fluid Attacks staff 
• Employee termination 
• Endpoint management 
• Secret rotation 
• Session management