Access rights
Overview
Role-based access (RBAC) provides access for users with certain rights for either Organizations or Projects.
Organization RBAC
There are 4 types of Organization user access rights:
- Organization Owner
- Organization Admin
- Organization Member
- Organization Billing Admin
Organization Owner
It is a user who is creating a new organization. Owners have full read and write access rights to each and every setting of the created organization. Moreover, owners have full edit access to all permissions. Provide root access to the organization, including access to administer organization settings, and team members; access to delete the organization. By default, there can be only one owner of the organization (when creating one).
Rights
| Organization Owner | Can create | Can read | Can update | Can delete |
|---|---|---|---|---|
| Settings | ✓ | ✓ | ✓ | ✓ |
| Projects | ✓ | ✓ | ✓ | ✓ |
| Access management | ✓ | ✓ | ✓ | ✓ |
| Billing | ✓ | ✓ | ✓ | ✓ |
Organization Admin
Organization Admin, in comparison to the Organization Owner user, is an assignable access right position within the organization. The Admin rights can be assigned by adding new members to the already created organization by the organization Owner. Admins have full read and edit access to all features and settings of the organization. Admins, provide access to the organization, including access to administer organization settings, team members, project creation, and billing.
Rights
| Organization Admin | Can create | Can read | Can update | Can delete |
|---|---|---|---|---|
| Settings | ✗ | ✓ | ✗ | ✗ |
| Projects | ✓ | ✓ | ✓ | ✓ |
| Access management | ✓ | ✓ | ✓ | ✓ |
| Billing | ✗ | ✓ | ✗ | ✗ |
Organization Member
Organization Member role in terms of access rights is the lowest. Organization Member rights are being assigned when adding a new member to the organization or changing the access rights of already existing organization users. An Organization Member access rights can be assigned by Organization Owner or Organization Admin. Members only have read-only access to the organization (settings, users, and billing) and the project to which they belong.
Rights
| Organization Member | Can create | Can read | Can update | Can delete |
|---|---|---|---|---|
| Settings | ✗ | ✓ | ✗ | ✗ |
| Projects | ✗ | ✓ | ✗ | ✗ |
| Access management | ✗ | ✓ | ✗ | ✗ |
| Billing | ✗ | ✗ | ✗ | ✗ |
Organization Billing Admin
Organization Billing Admin access rights can only be assigned by the Organization Owner and Organization Admin at the moment of creating a new organization. Moreover, access rights can also be assigned to an already invited user to an organization. An Organization Billing Admin of an organization is a user that has privileges that includes access to the payment of the invoice and receiving the invoices (in par with the Organization Owner and Organization Admin). There can be only one billing admin in an organization at a time.
Rights
| Organization Billing Admin | Can create | Can read | Can update | Can delete |
|---|---|---|---|---|
| Settings | ✗ | ✗ | ✗ | ✗ |
| Projects | ✗ | ✗ | ✗ | ✗ |
| Access management | ✗ | ✗ | ✗ | ✗ |
| Billing | ✓ | ✓ | ✓ | ✓ |
Project RBAC
There are 3 types of Project user access rights:
- Project Owner
- Project Admin
- Project Member
Project Owner
Project Owners have full read and edit access to everything in the project. Owners have full edit access to all permissions including deleting the project.
Rights
| Project Owner | Can create | Can read | Can update | Can delete |
|---|---|---|---|---|
| Settings | ✓ | ✓ | ✓ | ✓ |
| Access management | ✓ | ✓ | ✓ | ✓ |
| Privacy | ✓ | ✓ | ✓ | ✓ |
Project Admin
Project Admins have full read and edit access to all features including Sources, Destinations, other products, and settings.
Rights
| Project Admin | Can create | Can read | Can update | Can delete |
|---|---|---|---|---|
| Settings | ✗ | ✓ | ✓ | ✗ |
| Access management | ✓ | ✓ | ✓ | ✓ |
| Privacy | ✓ | ✓ | ✓ | ✓ |
Project Member
By default, Project Members can only view project details without any edit rights regarding the Project's general settings. Project Members can only access the Project objects (Sources, Destinations, Events, etc.) only if the object has been shared (the created ones). Project Members can create objects by themselves.
Rights
| Project Admin | Can create | Can read | Can update | Can delete |
|---|---|---|---|---|
| Settings | ✗ | ✓ | ✗ | ✗ |
| Access management | ✗ | ✓ | ✗ | ✗ |
| Privacy | ✗ | ✗ | ✗ | ✗ |
Updated 4 months ago