Skip to content

Wiz Permissions Reference

This section outlines the access scopes and justifications for the Wiz–SailPoint Entro integration.


Management → Accounts & Integrations → Wiz


Required Permissions

The Wiz Service Account must have the following permissions for SailPoint Entro to retrieve and generate reports securely:

Permission Type Purpose
read:data_findings Read Retrieve sensitive data classification and context
create:reports Write Generate new DSPM report jobs for NHI exposure correlation
read:reports Read Access completed report data for ingestion into SailPoint Entro

Permissions Justification

  • SailPoint Entro generates Data Findings Reports to identify all cloud assets and their related data risks.

  • The create:reports permission is required to initiate this report within Wiz.

  • The read:data_findings and read:reports scopes allow SailPoint Entro to access only DATA_SCAN report types — no configuration, user, or secret data is retrieved.


Access Summary

  • Authentication uses Service Account Client ID and Client Secret

  • All requests performed via the Wiz REST API

  • All operations are read-only and executed over TLS 1.2+

  • Tokens are stored encrypted in SailPoint Entro’s Worker Group environment (AES-256)