Role Based Access Control (RBAC)
Role Based Access Control allows a user with Administrative access to apply roles to users, granting different levels of permission within an organization or workspace.
RBAC roles don’t require a customer to use SSO and can be enabled on any organization.
Workspace Resource Roles
A user can have at most one role of this kind per workspace. Permissions are scoped to the specific workspace in which the user has this role.
| Permissions | Reader | Editor | Admin |
|---|---|---|---|
| Read Workspace -List the connections in a workspace -Read individual connections -Read workspace settings (data residency, users, connector versions, notification settings) | X | X | X |
| Modify Connector Settings - Create, modify, delete sources and destinations in a workspace | X | X | |
| Update Connection -Start/cancel syncs - Modify a connection, including name, replication settings, normalization, DBT - Delete a connection - Create/Update/Delete connector builder connectors | X | X | |
| Update Workspace - Update workspace settings (data residency, users, connector versions, notification settings) - Modify workspace connector versions | X |
Organization Resource Roles
A user can have at most one role of this kind per organization. Permissions are scoped to the given organization for which the user has this role, and any workspaces within.
| Permissions | Organization Member | Organization Reader | Organization Editor | Organization Admin |
|---|---|---|---|---|
| Read Organization - Read individual organizations | X | X | X | X |
| Create Workspace - Create new workspace within a specified organization - Delete a workspace | X | X | ||
| Update Organization - Modify organization settings, including billing, PbA, SSO - Modify user roles within the organization | X |
Instance Resource Admin
Enterprise customers also have a user assigned the Instance Admin role. This user would have all permissions listed above for all workspaces and all organizations associated with their Enterptise instance. To update this assigment, enterprise customers should contact Airbyte support.