User Access & Role-Based Permissions

BrowserStack Code Quality provides enterprise-grade Role-Based Access Control (RBAC) to ensure secure, organized, and efficient code quality management across your organization.

Why RBAC Matters

Security First Granular access controls ensure sensitive code and configurations are only accessible to authorized personnel, reducing data breach risks and maintaining compliance standards.

Focused Productivity Each role sees only the tools and interfaces relevant to their responsibilities, eliminating interface clutter and accelerating daily workflows.

Complete Auditability Track all user actions with full audit trails, supporting SOX, ISO 27001, and other compliance frameworks requiring detailed access logging.

Role Personas

Account Administrator

Scope: Organization-wide
Best For: IT Directors, Security Officers
Complete system oversight including user management, licensing, SSO configuration, and global quality policies.

Project Administrator

Scope: Project-level
Best For: Engineering Managers, Team Leads
Manages project lifecycle, repository assignments, and team quality gate configurations within assigned projects.

User Administrator

Scope: User management only
Best For: HR Systems, People Operations
Dedicated user lifecycle management: invitations, profile updates, role assignments, and deactivations.

Manager

Scope: Project operations
Best For: Senior Developers, DevOps Engineers
Configures scanning workflows, integrates CI/CD pipelines, and manages repository-level quality gates.

Analyser

Scope: Code analysis
Best For: Code Reviewers, Quality Engineers
Executes scans, configures analysis parameters, and manages code quality findings and suppressions.

NOTE

Recent Enhancement: The Analyser role now includes approval/rejection of suppression requests, enabling faster team velocity without requiring manager intervention.

Explorer

Scope: Read-only access
Best For: Stakeholders, Junior Developers
Views scan results, quality trends, and audit reports without modification capabilities.

Contributor

Scope: Development workflow
Best For: Active Developers, CI/CD Systems
Participates in scanning, snapshot management, and configuration downloads for development environments.

Project & Repository Permissions

Capability	Account Admin	Project Admin	Manager	Analyser	Contributor	Explorer
Create Project	✅	✅	⚠️¹	⚠️¹	❌	❌
Edit/Delete Project	✅	✅	✅	❌	❌	❌
Repository Scanning	✅	✅	✅	✅	✅	❌
Scan Configuration	✅	✅	✅	✅	❌	❌
Quality Gates	✅	✅	❌	❌	❌	❌
Suppression Approval	✅	✅	✅	✅	❌	❌
CI/CD Integration	✅	✅	✅	❌	❌	❌
Repository Link/Unlink	✅	✅	✅	❌	❌	❌
View Results	✅	✅	✅	✅	✅	✅

¹ set enviroment variable allow_manage_project = TRUE permission

User & Administrative Permissions

Capability	Account Admin	User Admin	Project Admin	All Others
Invite Users	✅	✅	❌	❌
Edit User Profiles	✅	✅	❌	❌
Suspend/Delete Users	✅	✅	❌	❌
SSO Configuration	✅	❌	❌	❌
License Management	✅	❌	❌	❌
Global Settings	✅	❌	❌	❌
Project Assignment	✅	❌	✅	❌
Access Token Generation	✅	✅	✅	✅

Role Assignment

Assigning Global Roles

For organization-wide permissions (Account Admin, User Admin):

1. Navigate to Admin → Users
2. Select the target user from the list
3. Select the appropriate Administrative Role from the tab

Project Access Management

For project-specific roles (Project Admin, Manager, Analyser, etc.):

1. Navigate to Admin → Users
2. Select the target user from the list
3. Click Add Project
4. Select Role from tab (Manager, Analyser, Contributor, Explorer)

Best Practices

Principle of Least Privilege
Grant users the minimum permissions required for their responsibilities. Start with Explorer access and elevate as needed.

Regular Access Reviews
Conduct quarterly reviews of user permissions, especially for departing team members or role changes.

Role Transition Planning
When team members change roles, update their permissions immediately and document the change for audit purposes.

Project-Specific Access
Use project-level roles instead of global permissions when users only need access to specific codebases or teams.