Role-Based Access Control (RBAC)
Roles
Signadot supports Role-Based Access Control with two roles: admin and member.
Permissions
Both admin and member users have read access to all the entities and functions
pertaining to their organization. However, write access (includes create, update, delete)
varies: members' access is focused on application-related entities, without the ability
to engage in administration or management functions, which are reserved for admins. The
table below charts it out:
Entity | admin (write) | member (write) |
---|---|---|
Sandboxes | ✅ | ✅ |
Resource Plugins | ✅ | ✅ |
Route Groups | ✅ | ✅ |
Clusters & Cluster Tokens | ✅ | ❌ |
API Keys | ✅ | ❌ |
Users & User Invites | ✅ | ❌ |
Settings: SSO | ✅ | ❌ |
Settings: Authorized Domains | ✅ | ❌ |
Settings: Preserved Labels | ✅ | ❌ |
Role Assignment
When creating an organization
The user creating an organization will automatically assume the admin role. This ensures that there
is at least one admin who has full control over the organization's settings and operations from the outset.
When inviting a user
A role can be assigned at the time of inviting a user. This allows the organization's admin(s)
to control the level of access a new user will have right from the start.
Upon Auto-Provisioning
Users auto-provisioned based on Authorized Domains or SSO Auto-provisioning settings are assigned the member
role by default.
Role Management
Admins can manage user roles from the Dashboard on the "Users" page.