Permission Matrix

Auto-generated

This page is auto-generated by scanning backend/src/routes/*.ts for authorization middleware. Do not edit manually.

114 protected endpoints found across 17 route files.

Admin

Endpoint	Method	Required Roles	Module Gate
`/api/admin/archives`	`GET`	perm:view_settings	—
`/api/admin/archives`	`POST`	perm:manage_settings	—
`/api/admin/archives/:id`	`DELETE`	perm:manage_settings	—
`/api/admin/archives/:id/restore`	`POST`	perm:manage_settings	—
`/api/admin/archives/stats`	`GET`	perm:view_settings	—
`/api/admin/diary/purge-seeds`	`POST`	perm:manage_sync	—
`/api/admin/diary/seed`	`POST`	perm:manage_sync	—
`/api/admin/quarantine`	`GET`	perm:view_sync_logs	—
`/api/admin/quarantine/:id/resolve`	`POST`	perm:manage_sync	—
`/api/admin/quarantine/stats`	`GET`	perm:view_sync_logs	—
`/api/admin/ratelimit/config`	`PUT`	perm:manage_settings	—
`/api/admin/ratelimit/status`	`GET`	perm:view_settings	—
`/api/admin/roles`	`GET`	perm:view_roles	—
`/api/admin/roles/:id`	`PATCH`	perm:manage_roles	—
`/api/admin/roles/:id`	`DELETE`	perm:manage_roles	—
`/api/admin/scan-history/import`	`POST`	perm:manage_sync	—
`/api/admin/scan-history/jobs`	`GET`	perm:manage_sync	—
`/api/admin/scan-history/jobs/:jobId`	`GET`	perm:manage_sync	—
`/api/admin/scan-history/jobs/:jobId/cancel`	`POST`	perm:manage_sync	—
`/api/admin/scan-history/jobs/:jobId/retry-failed`	`POST`	perm:manage_sync	—
`/api/admin/scan-history/scans`	`GET`	perm:manage_sync	—
`/api/admin/scan-history/scans/:scanId/history`	`GET`	perm:manage_sync	—
`/api/admin/settings`	`GET`	perm:view_settings	—
`/api/admin/settings`	`PUT`	perm:manage_settings	—
`/api/admin/severity-filter`	`GET`	perm:view_settings	—
`/api/admin/severity-filter`	`PUT`	perm:manage_settings	—
`/api/admin/severity-summary`	`GET`	perm:view_settings	—
`/api/admin/stats/backfill`	`POST`	perm:manage_sync	—
`/api/admin/stats/cleanup-logs`	`GET`	perm:view_settings	—
`/api/admin/stats/coverage`	`GET`	perm:view_sync_logs	—
`/api/admin/stats/recalculate`	`POST`	perm:manage_sync	—
`/api/admin/stats/recalculate/:jobId`	`GET`	perm:manage_sync	—
`/api/admin/sync/config`	`GET`	perm:view_sync_logs	—
`/api/admin/sync/config`	`PUT`	perm:manage_sync	—
`/api/admin/sync/gaps`	`GET`	perm:view_sync_logs	—
`/api/admin/sync/job/:id/stats`	`GET`	perm:view_sync_logs	—
`/api/admin/sync/logs`	`GET`	perm:view_sync_logs	—
`/api/admin/sync/resume`	`POST`	perm:manage_sync	—
`/api/admin/users`	`GET`	perm:view_users	—
`/api/admin/users`	`POST`	perm:manage_users	—
`/api/admin/users/:id`	`PATCH`	perm:manage_users	—
`/api/admin/users/:id`	`DELETE`	perm:manage_users	—
`/api/admin/users/:id/reset-password`	`POST`	perm:reset_password	—
`/api/admin/users/:id/unlock`	`POST`	perm:manage_user_security	—

Agent

Endpoint	Method	Required Roles	Module Gate
`/api/agent/ingest`	`POST`	authenticated	—

Ai

Endpoint	Method	Required Roles	Module Gate
`/api/ai/reports/download/:reportId`	`GET`	authenticated	—

Anomaly

Endpoint	Method	Required Roles	Module Gate
`/api/anomaly/:date/status`	`PUT`	admin	—
`/api/anomaly/detect`	`POST`	admin	—
`/api/anomaly/run-detection`	`POST`	admin	—

Appsec

Endpoint	Method	Required Roles	Module Gate
`/api/appsec/targets/:id/upload-spec`	`POST`	authenticated	—
`/api/appsec/test-cases/seed`	`POST`	authenticated	—

Auth

Endpoint	Method	Required Roles	Module Gate
`/api/auth/admin/reset-password`	`POST`	admin	—
`/api/auth/change-password`	`POST`	authenticated	—
`/api/auth/logout`	`POST`	authenticated	—
`/api/auth/me`	`GET`	authenticated	—
`/api/auth/mfa/setup`	`POST`	authenticated	—
`/api/auth/mfa/verify`	`POST`	authenticated	—
`/api/auth/my-tenants`	`GET`	authenticated	—
`/api/auth/switch-tenant`	`POST`	authenticated	—

Dashboard

Endpoint	Method	Required Roles	Module Gate
`/api/dashboard/maintenance/backfill-categories`	`POST`	admin	—
`/api/dashboard/maintenance/backfill-stats`	`POST`	admin	—
`/api/dashboard/seed`	`POST`	perm:manage_settings	—
`/api/dashboard/templates/widgets/seed`	`POST`	perm:manage_settings	—

Integration

Endpoint	Method	Required Roles	Module Gate
`/api/integration/docs/openapi`	`GET`	authenticated	—

License

Endpoint	Method	Required Roles	Module Gate
`/api/license/tenant-entitlements`	`GET`	authenticated	—

Proxy

Endpoint	Method	Required Roles	Module Gate
`/api/proxy/config-public`	`POST`	authenticated	—

Scan

Endpoint	Method	Required Roles	Module Gate
`/api/scan/ci/gate/:runId`	`GET`	authenticated	—
`/api/scan/ci/gate/config`	`GET`	authenticated	—
`/api/scan/ci/gate/config`	`POST`	authenticated	—
`/api/scan/ci/trigger`	`POST`	authenticated	—
`/api/scan/notification-preferences`	`GET`	authenticated	—
`/api/scan/notification-preferences`	`PUT`	authenticated	—
`/api/scan/notifications`	`GET`	authenticated	—
`/api/scan/notifications/read-all`	`PUT`	authenticated	—
`/api/scan/notifications/unread-count`	`GET`	authenticated	—

Scanner

Endpoint	Method	Required Roles	Module Gate
`/api/scanner/gateway/commands/:agentId`	`GET`	authenticated	—
`/api/scanner/gateway/fim-events`	`POST`	authenticated	—
`/api/scanner/gateway/heartbeat`	`POST`	authenticated	—
`/api/scanner/gateway/intel-db/updates`	`GET`	authenticated	—
`/api/scanner/gateway/renew-cert`	`POST`	authenticated	—
`/api/scanner/gateway/sbom`	`POST`	authenticated	—
`/api/scanner/gateway/scan-results`	`POST`	authenticated	—
`/api/scanner/gateway/update-manifest`	`GET`	authenticated	—
`/api/scanner/source-comparison`	`GET`	authenticated	—

Security

Endpoint	Method	Required Roles	Module Gate
`/api/security/alerts`	`GET`	perm:view_security	—
`/api/security/auth-logs`	`GET`	perm:view_security	—
`/api/security/auth-logs/cleanup`	`POST`	perm:manage_security	—
`/api/security/auth-logs/export`	`GET`	perm:manage_security	—
`/api/security/auth-logs/export/s3`	`POST`	perm:manage_security	—
`/api/security/blocked-ips`	`GET`	perm:manage_security	—
`/api/security/blocked-ips`	`POST`	perm:manage_security	—
`/api/security/blocked-ips/:id/unblock`	`POST`	perm:manage_security	—
`/api/security/health`	`GET`	perm:view_security	—
`/api/security/logs`	`GET`	perm:view_security	—
`/api/security/stats`	`GET`	perm:view_security	—
`/api/security/whitelisted-ips`	`GET`	perm:manage_security	—
`/api/security/whitelisted-ips`	`POST`	perm:manage_security	—
`/api/security/whitelisted-ips/:id/remove`	`POST`	perm:manage_security	—

Sso

Endpoint	Method	Required Roles	Module Gate
`/api/sso/status`	`GET`	authenticated	—

Sync

Endpoint	Method	Required Roles	Module Gate
`/api/sync/:id/discard`	`POST`	admin	—
`/api/sync/:id/resume`	`POST`	admin	—
`/api/sync/aggregate`	`POST`	admin	—
`/api/sync/backfill`	`POST`	admin	—
`/api/sync/cancel/:syncId`	`POST`	admin	—
`/api/sync/frequency`	`PUT`	admin	—
`/api/sync/integrity-backfill`	`POST`	admin	—
`/api/sync/integrity-check`	`GET`	admin	—
`/api/sync/interrupted`	`GET`	admin	—
`/api/sync/rebuild-trends`	`POST`	admin	—
`/api/sync/start`	`POST`	admin	—

Verify

Endpoint	Method	Required Roles	Module Gate
`/api/verify/pull-tenable-fixed`	`POST`	admin	—
`/api/verify/verify-jan17`	`GET`	admin	—

Vfp

Endpoint	Method	Required Roles	Module Gate
`/api/vfp/feature-flags`	`GET`	authenticated	—
`/api/vfp/feature-flags`	`PUT`	authenticated	—

Summary

Role / Permission	Endpoint Count
`authenticated`	35
`admin`	19
`perm:manage_sync`	15
`perm:manage_security`	9
`perm:manage_settings`	8
`perm:view_settings`	7
`perm:view_sync_logs`	7
`perm:view_security`	5
`perm:manage_users`	3
`perm:manage_roles`	2
`perm:view_roles`	1
`perm:view_users`	1
`perm:reset_password`	1
`perm:manage_user_security`	1

Generated on 2026-04-05

Admin​

Agent​

Ai​

Anomaly​

Appsec​

Auth​

Dashboard​

Integration​

License​

Proxy​

Scan​

Scanner​

Security​

Sso​

Sync​

Verify​

Vfp​

Summary​

Admin

Agent

Ai

Anomaly

Appsec

Auth

Dashboard

Integration

License

Proxy

Scan

Scanner

Security

Sso

Sync

Verify

Vfp

Summary