This guide lists the permission scopes that control access to each part of Interno (the Zeron Command Center). Interno scopes use the defence: prefix.
This page covers Interno only. For the complete cross-product reference — every product's scopes, resource-level roles, groups, and common scenarios — see the Zeron Platform: Complete Permissions & RBAC Reference.
vendor:view). If a user lacks the scope a page needs, they see an "Unauthorized" screen.Manage user accounts and groups under Admin > Management (requires the zitadel:iam permission).
| To do this | Required scope |
|---|---|
| Use ZIN Copilot, HITL approvals, agent tasks | Any authenticated user with product access |
| View dashboards & posture overview (and Asset Inventory) | defence:dashboard:view |
| Create new dashboards | defence:dashboard:create |
| Edit dashboards, use the custom widget builder | defence:dashboard:update |
| Delete dashboards | defence:dashboard:delete |
| View saved widgets | defence:widget:view |
| Create / duplicate widgets | defence:widget:create |
| Delete widgets | defence:widget:delete |
| View widget underlying data | defence:widget:data:view |
| Render widget charts | defence:widget:visualize |
| View manual ingestion page & history | defence:manual-ingest:view |
| Upload / import data files | defence:manual-ingest:create |
| Review & approve ingested data | defence:manual-ingest:review |
| View queries & alerts | defence:query:view |
| Create / edit / delete queries & alerts | defence:query:create / :update / :delete |
| Execute / run a query | defence:query:execute |
| View evidence queries (shared with Conformity) | grc:evidence:view |
| Create / manage evidence queries | grc:evidence:create |
| View integrations & connector catalog | defence:integration:view |
| View / create / delete connector credentials | defence:integration:credentials:view / :create / :delete |
| View risks | defence:risk:view |
| Create / update / delete risks | defence:risk:create / :update / :delete |
| Use the full 4-step risk workflow | defence:risk:manage |
| View risk documents | defence:risk:documents:view |
| View & generate reports | report:view |
defence:dashboard:view + defence:widget:view + defence:query:view + defence:integration:view + defence:risk:view + report:viewdefence:* scopes + report:view (add grc:evidence:* for evidence queries).| Issue | What to do |
|---|---|
| User sees "Unauthorized" on a page | Their group is missing that page's scope. Add it from the table above. |
| Can view dashboards but cannot build widgets | The custom widget builder needs defence:dashboard:update (plus defence:widget:create). |
| Cannot connect an integration | Add defence:integration:credentials:create in addition to defence:integration:view. |
| Cannot see Reports | Add report:view (shared across products). |
Need more help? Contact support@zeron.one.