Access Control & Permissions
BrowserStack Code Quality is underpinned by a robust access control and permissions system that secures features and governs who can perform actions—from viewing analysis results to managing system-wide configuration. It integrates with external authentication systems (LDAP, SAML/SSO) for streamlined identity and role mapping.
User Roles and Their Permissions
BrowserStack Code Quality defines multiple user roles, each with a predefined permission set aligned to organizational responsibilities.
Account Administrator
The highest-privilege role. Full administrative access: create/edit/delete projects, manage users, configure system-wide settings (SSO, licensing).
Project Administrator
Manages project-level resources: create/edit/delete projects and associated repositories. No user management permissions.
User Administrator
Specializes in user lifecycle: invite, edit, suspend, delete users. No project or repository access.
Manager
Manages projects and repositories, performs scans, and configures repositories. Can create projects if the allow_manage_project environment variable is enabled.
Analyser
Focuses on code analysis: perform scans, view history, configure repository settings, manage snapshots. Can approve or reject suppression requests.
Explorer
Read‑only: view scan results, repository details, dashboards. Can create private dashboards; cannot create public/shared dashboards.
Contributor
Project-level role: manage snapshots and (in earlier versions) perform scans. Currently, scan permissions may be restricted depending on configuration. Higher access than Explorer; lower than Analyser.
Authentication and Role Mapping
BrowserStack Code Quality supports LDAP and SAML/SSO for authentication and automated group-to-role mapping.
LDAP Configuration
LDAP provides directory authentication and maps groups to global roles (e.g., code_quality_account_admin) and project roles (e.g., code_quality_manager_{project_name}).
SSO Configuration
SSO (on‑premises) authenticates users via an IdP. Attributes (email, first name, last name) map to user profiles. Groups map to global or project roles; optional group prefixes provide flexible mapping.
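The group-to-role mapping described under LDAP Configuration and SSO Configuration can be reviewed offline before it is enabled. The following is an added example, not BrowserStack code: it resolves an exported user-to-group list against the two group names given above and reports global-role grants and near-miss group names. Assumptions: the other project roles follow the manager pattern, group matching is case-sensitive, a configured prefix is prepended to the group name, and project names use the character set shown.

```python
import re

# Group names on the page: code_quality_account_admin (global role) and
# code_quality_manager_{project_name} (project role).
BASE = "code_quality_"
GLOBAL_ROLES = {"account_admin"}
# Assumption: the other project-scoped roles reuse the manager naming pattern.
PROJECT_ROLES = ("manager", "analyser", "explorer", "contributor")
# Assumption: project names are limited to these characters.
PROJECT_NAME = re.compile(r"[A-Za-z0-9_.-]+")

def resolve_group(group, prefix=""):
    """Map one directory group to (scope, role, project); None means no access."""
    head = prefix + BASE
    if not group.startswith(head):
        return None
    rest = group[len(head):]
    if rest in GLOBAL_ROLES:
        return ("global", rest, None)
    for role in PROJECT_ROLES:
        project = rest[len(role) + 1:]
        if rest.startswith(role + "_") and PROJECT_NAME.fullmatch(project):
            return ("project", role, project)
    return None  # unknown role or empty project: fail closed

def audit(memberships, prefix=""):
    """Return (grants, findings) for a {user: [group, ...]} export."""
    grants, findings = {}, []
    for user, groups in memberships.items():
        grants[user] = []
        for group in groups:
            role = resolve_group(group, prefix)
            if role:
                grants[user].append(role)
                if role[0] == "global":
                    findings.append((user, group, "grants a global role"))
            elif BASE in group:
                findings.append((user, group, "looks like a role group but maps to nothing"))
    return grants, findings

# Constructed sample export, not real directory data.
SAMPLE = {
    "alice": ["corp-code_quality_account_admin", "corp-staff"],
    "bob": ["corp-code_quality_manager_payments_api", "corp-code_quality_manger_web"],
    "carol": ["code_quality_account_admin"],  # missing the expected prefix
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, prefix="corp-")[1]:
        print(finding)
```

Every group that fails to resolve grants nothing, so a typo or a missing prefix shows up as a finding rather than as silent access.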
Access Control in Specific Features
Granular access control ensures data privacy and workflow integrity across feature areas.
Dashboards
Control who can edit, rename, delete, reset, and share. Dashboards may be private (creator + explicit access) or public (all users with repository access). Explorers can only create private dashboards.
Issue Suppression and Grouping
Administrators control whether suppression or grouping is allowed per repository. Disallow lists ("disallow tags") can restrict specific suppression or grouping tags.
Code Quality Badges
Two badge types: Overall Rating and Quality Gate. Add them to a repository README.md to display current health status.
Development History & Code Review Workflows
Workflows (Commit Workflow, Pull Request Workflow) scan changed files and surface issues directly in the UI. Permissions determine who can monitor scans and review changes.
API Access
API access token management is available to all roles for programmatic integration.
BrowserStack Code Quality’s access and permissions system delivers a flexible framework for managing roles, controlling feature access, and safeguarding data across all analysis and quality management capabilities.
