Role Based Access Control (RBAC)
Last updated
Last updated
Aporia supports full role based access control. Using account-level and workspace-level permissions, users will only have access to the data and actions for which they are permitted.
An account is the highest level entity in Aporia and represents your company/organization.
Every user in Aporia must be associated with an account. There are two types of roles at the account level:
| Account Role | Permissions |
|---|---|
An account.admin may create multiple workspaces within your Aporia account.
A workspace is a silo created for separate teams. Each workspace represents a team/group within your organization and acts as an independent entity, i.e. a workspace encapsulate models, dashboards, monitors, etc. and these entities are not shared between workspaces.
There are three types of roles at the workspace level:
| Workspace Role | Permissions |
|---|---|
As an account admin you can manage roles as follows:
Log in to the Aporia platform
Go to the Teams page
Manage your account and workspace level permissions by adding, removing, and editing roles.
account.admin
Account admins can manage users (invite new users & update their associated permissions/roles). Account admins are admins of all workspaces in their account (top-down inheritance).
account.member
Account members (the default permission of a user) can access the Aporia platform in your organization's account.
workspace.admin
Manage user permissions of existing workspace users and ability to invite existing account members to the respective workspace. Edit & view permissions across all Aporia entities within the workspace, i.e. models, versions, dashboards, monitors, segments, & metrics.
workspace.editor
Edit & view permissions across all Aporia entities within a workspace, i.e. models, versions, dashboards, monitors, segments, & metrics.
workspace.viewer
View-only permissions for all entities in the workspace.
