Role Based Access Control (RBAC)
Overview
The Role-Based Access Control (RBAC) feature is designed to streamline operations by assigning specific roles and permissions to users within your organization. This guide explains the roles, their capabilities, and how to manage user access effectively.
Roles and Permissions
Roles are divided into two categories: Organization Roles and Workspace Roles.
Organization Roles define the level of control a user has over the entire platform, including managing organizational settings, user access, and resources. These roles determine how much authority a user has to configure and oversee the platform at the organizational level.
Workspace Roles define the level of access and control a user has within specific workspaces.
Organization Roles
Admin Role
The Admin role has full control over the organization and its resources.
Permissions:
Workspace Management: Create, view, edit, and delete workspaces.
Connector Management: Create, view, edit, and delete connectors.
Organization Details: Update and manage organization information.
User Management: Invite, manage, and update user privileges.
Account Deletion: Perform account deletion, ensuring at least one admin remains in the organization.
Default Access: Admins have visibility into all workspaces and can manage them. By default, the admin is also the maintainer of all workspaces.
User Role
The User role is a general role for members of the organization who do not have administrative privileges.
Permissions:
Workspace Access: Access only the workspaces they are assigned to.
Resource Viewing: View resources within their assigned workspaces.
Default Access: Users are restricted to the workspaces assigned to them by admins.
Workspace Roles
Maintainer Role
The Maintainer role is responsible for managing deployments and resources within assigned workspaces.
Permissions:
User Management: Add or remove users from assigned workspaces.
Connector Management: Publish and deploy connectors.
Application Management: Create, view, edit, and delete applications.
Deployment Management: Edit and update deployments and connector versions.
Default Access: Maintainers can only manage the workspaces they are assigned to. Note that the admin of the organization is automatically the maintainer of all workspaces by default.
Developer Role
The Developer role focuses on application creation and management within assigned workspaces.
Permissions:
Application Management: Create, view, edit, and delete their own applications.
Default Access: Developers can only manage their own applications within the workspaces they are assigned to.
Viewer Role
The Viewer role provides read-only access to resources within assigned workspaces.
Permissions:
View Access: View pipelines, connectors, and assigned workspaces without modifying them.
Default Access: Viewers can only view resources and cannot make any changes.
User Invitation and Role Assignment
Inviting Users
Go to Settings > Users and Roles.
Click Add Members.
Enter the user’s email address and assign a role (Admin, Maintainer, Developer, or Viewer).
Send the invitation.
Managing Pending Invites
Resend Invite: Resend the invitation to pending users. Cancel Invite: Cancel the invitation if needed.
Role Assignment
Roles are assigned when the user accepts the invitation.
Admins can update user roles at any time.
Default Workspace Creation
For Admins
A default workspace is automatically created when an admin signs up.
Admins have visibility into all workspaces and can manage them.
For Users
Users are restricted to assigned workspaces only as assigned by Admins
Step-by-Step Guides
Assigning Roles to Users
Go to Settings > Users and Roles.
Click Add Members.
Enter the user’s email address and select a role.
Click Send Invite.
Managing Workspaces
Go to Settings > Workspace Details.
Admins can create, edit, or delete workspaces.
Maintainers can manage deployments within assigned workspaces.
Updating User Roles
Go to Settings > Users and Roles.
Find the user whose role you want to update.
Click Edit and assign a new role.
Save your changes.
Frequently Asked Questions (FAQs)
Q1: Can a user have multiple roles?
A: No, each user is assigned a single role within a workspace. However, admins can update roles as needed.
Q2: What happens if an admin deletes their account?
A: At least one admin must remain in the organization. If the last admin tries to delete their account, the system will prevent it.
Q3: Can viewers edit any resources?
A: No, viewers have read-only access and cannot modify any resources.
Q4: How do I resend an invitation?
A: Go to Settings > Users and Roles, find the pending invite, and click Resend Invite.
Last updated
Was this helpful?