From d0996b2825ff41d6ab30819ab097f4142d9bd38e Mon Sep 17 00:00:00 2001
From: Asheesh Gupta
Date: Wed, 8 Apr 2026 22:36:03 +0530
Subject: [PATCH] fix: use correct RBAC scopes for incident delete and read endpoints
- Change delete/bulk-delete/delete-alerts endpoints from write:incident to delete:incident to follow CRUD scope conventions
- Fix read:incidents (plural) typo to read:incident (singular) for consistency with all other scope definitions
Closes #5363
---
 keep/api/routes/incidents.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/keep/api/routes/incidents.py b/keep/api/routes/incidents.py
index 87438a5fe9..10fc24e741 100644
--- a/keep/api/routes/incidents.py
+++ b/keep/api/routes/incidents.py
@@ -427,7 +427,7 @@ def update_incident(
 def bulk_delete_incidents(
 incident_ids: List[UUID] = Body(..., embed=True),
 authenticated_entity: AuthenticatedEntity = Depends(
- IdentityManagerFactory.get_auth_verifier(["write:incident"])
+ IdentityManagerFactory.get_auth_verifier(["delete:incident"])
 ),
 pusher_client: Pusher | None = Depends(get_pusher_client),
 session: Session = Depends(get_session),
@@ -445,7 +445,7 @@ def bulk_delete_incidents(
 def delete_incident(
 incident_id: UUID,
 authenticated_entity: AuthenticatedEntity = Depends(
- IdentityManagerFactory.get_auth_verifier(["write:incident"])
+ IdentityManagerFactory.get_auth_verifier(["delete:incident"])
 ),
 pusher_client: Pusher | None = Depends(get_pusher_client),
 session: Session = Depends(get_session),
@@ -549,7 +549,7 @@ def get_incident_alerts(
 offset: int = 0,
 include_unlinked: bool = False,
 authenticated_entity: AuthenticatedEntity = Depends(
- IdentityManagerFactory.get_auth_verifier(["read:incidents"])
+ IdentityManagerFactory.get_auth_verifier(["read:incident"])
 ),
 ) -> AlertWithIncidentLinkMetadataPaginatedResultsDto:
 tenant_id = authenticated_entity.tenant_id
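Review bot: Requiring `delete:incident` in bulk_delete_incidents is a breaking authorization change for any role or API key that today holds only `write:incident`, and nothing in this patch grants the new scope, since the diffstat lists only keep/api/routes/incidents.py. The same applies to the delete_incident hunk and the delete_alerts_from_incident hunk. Before merging, confirm that the built-in roles and any identity-provider role mappings that relied on `write:incident` for deletion also carry `delete:incident`, and call the change out in the release notes; otherwise deletion may be refused for everyone except holders of a broader grant. A route-level test that calls each delete endpoint with a `write:incident`-only identity and expects the request to be rejected would pin the intended behaviour. The function bodies continue outside these hunks.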
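Review bot: The scope passed to get_auth_verifier in get_incident_alerts is still a bare string literal, which is how `read:incidents` went unnoticed on three endpoints (this one, get_future_incidents_for_an_incident and get_incident_workflows). Nothing visible in the patch validates a scope name against the set of defined scopes, so a future misspelling would slip through the same way; depending on how the verifier matches scopes, a misspelled value may either lock out legitimate readers or be satisfied only by broad grants. Consider a module-level constant such as `READ_INCIDENT = "read:incident"` used as `get_auth_verifier([READ_INCIDENT])`, or a test asserting that every scope referenced in this router is a known one. The function signature starts before the hunk and the body continues after it.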
@@ -601,7 +601,7 @@ def get_future_incidents_for_an_incident(
 limit: int = 25,
 offset: int = 0,
 authenticated_entity: AuthenticatedEntity = Depends(
- IdentityManagerFactory.get_auth_verifier(["read:incidents"])
+ IdentityManagerFactory.get_auth_verifier(["read:incident"])
 ),
 ) -> IncidentsPaginatedResultsDto:
 tenant_id = authenticated_entity.tenant_id
@@ -653,7 +653,7 @@ def get_incident_workflows(
 limit: int = 25,
 offset: int = 0,
 authenticated_entity: AuthenticatedEntity = Depends(
- IdentityManagerFactory.get_auth_verifier(["read:incidents"])
+ IdentityManagerFactory.get_auth_verifier(["read:incident"])
 ),
 ) -> WorkflowExecutionsPaginatedResultsDto:
 """
@@ -718,7 +718,7 @@ def delete_alerts_from_incident(
 incident_id: UUID,
 fingerprints: List[str],
 authenticated_entity: AuthenticatedEntity = Depends(
- IdentityManagerFactory.get_auth_verifier(["write:incident"])
+ IdentityManagerFactory.get_auth_verifier(["delete:incident"])
 ),
 session=Depends(get_session),
 pusher_client: Pusher | None = Depends(get_pusher_client),
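Review bot: Gating delete_alerts_from_incident on `delete:incident` deserves an explicit decision, because judging by its name and its `fingerprints` parameter it detaches alerts from an incident rather than deleting the incident (the body is outside the hunk, so this is inferred). If the endpoint that attaches alerts still requires only a write scope, a write-only identity could add alerts but not remove them, which may surprise operators and integrations. Either keep `write:incident` here or record the intent next to the dependency, e.g. `# Unlinking alerts is treated as destructive and requires delete:incident.`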