Skip to main content

Role Based Access Control

For granular access control, Rig offers Role Based Access Control (RBAC), with four predefined roles, where a role has a set of permissions that define what actions a user can perform, and on what resources they can perform those actions.

The roles and their permissions are rougly as follows:

  • Admin: Can perform all actions on all resources
  • Owner: Can do everything a Developer can do, but can also create and delete capsules, delete builds, and manage users and their roles.
  • Developer: Can do everything a Viewer can do, and can also perform deployments and create new builds.
  • Viewer: Can view all resources, but cannot perform any actions.

For a more detailed view of the permissions for each role, see the Role Permissions section.

Manage Users

To manage users, you must be logged in as an Owner or an Admin, navigate to the 'Settings'-tab, and then click the 'Team'-page.

Add user

To add a user, click the '+ Add member'-button, and enter the email address, a temporary password, and the role you want to assign to the user.

Dashboard Add Member

Assign role

To add a different role to an existing user, simply open the dropdown on the user and select the role you want to assign.

Dashboard Assign Role

Role Permissions

The following table shows the permissions for each role:

PermissionAdminOwnerDeveloperViewer
Projects
Create✔️
Delete✔️
Update Settings✔️
Members
Create User✔️✔️
Delete User✔️✔️
Create Service Accounts✔️✔️
Delete Service Accounts✔️✔️
Update Role✔️✔️
Capsules & Deployments
Create✔️✔️
Delete✔️✔️
Delete Builds✔️✔️
Create Builds✔️✔️✔️
Deploy Rollouts✔️✔️✔️
Abort Rollouts✔️✔️✔️
Restart Instances✔️✔️✔️
Exec in Instances✔️✔️✔️
View Data✔️✔️✔️✔️
info

This table is not exhaustive, and is subject to change. It does however cover the most important permissions.