Role Based Access Control (RBAC)
Aporia supports full role based access control. Using account-level and workspace-level permissions, users will only have access to the data and actions for which they are permitted.
An
account
is the highest level entity in Aporia and represents your company/organization. Every user in Aporia must be associated with an
account
. There are two types of roles at the account
level:Account Role | Permissions |
---|---|
account.admin | Account admins can manage users (invite new users & update their associated permissions/roles). Account admins are admins of all workspaces in their account (top-down inheritance). |
account.member | Account members (the default permission of a user) can access the Aporia platform in your organization's account. |
An
account.admin
may create multiple workspaces
within your Aporia account
. A
workspace
is a silo created for separate teams. Each workspace
represents a team/group within your organization and acts as an independent entity, i.e. a workspace encapsulate models, dashboards, monitors, etc. and these entities are not shared between workspaces.There are three types of roles at the
workspace
level:Workspace Role | Permissions |
---|---|
workspace.admin | Manage user permissions of existing workspace users and ability to invite existing account members to the respective workspace.
Edit & view permissions across all Aporia entities within the workspace, i.e. models, versions, dashboards, monitors, segments, & metrics. |
workspace.editor | Edit & view permissions across all Aporia entities within a workspace, i.e. models, versions, dashboards, monitors, segments, & metrics. |
workspace.viewer | View-only permissions for all entities in the workspace. |
As an account admin you can manage roles as follows:
- 1.Log in to the Aporia platform
- 2.Go to the
Teams
page - 3.Manage your account and workspace level permissions by adding, removing, and editing roles.

Account management via Aporia Platform