Role Based Access Control (RBAC)
Role Based Access Control allows a user with Administrative access to apply roles to users, granting different levels of permission within an organization or workspace.
RBAC roles don’t require a customer to use SSO and can be enabled on any organization.
Workspace Resource Roles
A user can have at most one role of this kind per workspace. Permissions are scoped to the specific workspace in which the user has this role.
| Permissions | Reader | Editor | Admin |
|---|---|---|---|
| Read Workspace -List the connections in a workspace -Read individual connections -Read workspace settings (data residency, users, connector versions, notification settings) | X | X | X |
| Modify Connector Settings - Create, modify, delete sources and destinations in a workspace | X | X | |
| Update Connection -Start/cancel syncs - Modify a connection, including name, replication settings, normalization, DBT - Delete a connection - Create/Update/Delete connector builder connectors | X | X | |
| Update Workspace - Update workspace settings (data residency, users, connector versions, notification settings) - Modify workspace connector versions | X |
Organization Resource Roles
A user can have at most one role of this kind per organization. Permissions are scoped to the given organization for which the user has this role, and any workspaces within.
| Permissions | Organization Member | Organization Reader | Organization Editor | Organization Admin |
|---|---|---|---|---|
| Read Organization - Read individual organizations | X | X | X | X |
| Create Workspace - Create new workspace within a specified organization - Delete a workspace | X | X | ||
| Update Organization - Modify organization settings, including billing, PbA, SSO - Modify user roles within the organization | X |
Instance Resource Roles
At the instance level, a user may have InstanceAdmin role. Permissions are valid for all workspaces and all organizations. This user, therefore would have the following permissions as InstanceAdmin:
ReadWorkspace
- List the connections in a workspace
- Read individual connections
- Read workspace settings (data residency, users, connector versions, notification settings) Update Connection
- Start/cancel syncs
- Modify a connection, including name, replication settings, normalization, DBT
- Delete a connection
UpdateWorkspace
- Update workspace settings (data residency, users, connector versions, notification settings)
- Modify workspace connector versions
ReadOrganization
- Read individual organizations
CreateWorkspace
- Create new workspace within a specified organization
- Delete a workspace
UpdateOrganization
- Modify organization settings, including billing, PbA, SSO
- Modify user roles within the organization