Role-Based Access Control (RBAC)

Control access to platform resources using roles, permissions, and projects.

Overview

RBAC in the platform provides:

  • Global Roles: Organization-wide permission sets (Member, Admin, Owner)

  • Project Roles: Per-project permission sets (Viewer, Editor, Admin, Owner)

  • Projects: Isolated workspaces for workflows and data sources

  • Groups: Organize users for easier management

  • Permissions: Granular control over actions

Concepts

Global Roles

Built-in global roles:

  • Member: Normal organization member, no implicit access. Permissions determined by project membership.

  • Admin: Full system access, user management

  • Owner: Admin permissions plus ability to transfer ownership

Project Roles

Per-project roles assigned when a user is added to a project:

  • Viewer: Read-only access within the project

  • Editor: Can edit and run workflows within the project

  • Admin: Full project control, can manage members and data sources

  • Owner: Admin permissions, can only be removed by a global Admin

Projects

Isolate workflows and data sources: * Users assigned to projects * Resources scoped to projects * Cross-project data isolation

Groups

Organize users: * Assign permissions to groups * Simplified management * LDAP/SSO group mapping

Common Scenarios

Development Team Access

  • Create "Development" project

  • Assign developers to project

  • Grant "Editor" project role

Read-Only Access for Auditors

  • Assign auditors to relevant projects with "Viewer" project role

  • No modification permissions

See Also