Role Based Access Control (RBAC)
Aporia supports full role based access control. Using account-level and workspace-level permissions, users will only have access to the data and actions for which they are permitted.
Aporia roles & permissions
Account level roles
An account is the highest level entity in Aporia and represents your company/organization.
Every user in Aporia must be associated with an account. There are two types of roles at the account level:
account.admin
Account admins can manage users (invite new users & update their associated permissions/roles). Account admins are admins of all workspaces in their account (top-down inheritance).
account.member
Account members (the default permission of a user) can access the Aporia platform in your organization's account.
An account.admin may create multiple workspaces within your Aporia account.
Workspace level roles
A workspace is a silo created for separate teams. Each workspace represents a team/group within your organization and acts as an independent entity, i.e. a workspace encapsulate models, dashboards, monitors, etc. and these entities are not shared between workspaces.
There are three types of roles at the workspace level:
workspace.admin
Manage user permissions of existing workspace users and ability to invite existing account members to the respective workspace. Edit & view permissions across all Aporia entities within the workspace, i.e. models, versions, dashboards, monitors, segments, & metrics.
workspace.editor
Edit & view permissions across all Aporia entities within a workspace, i.e. models, versions, dashboards, monitors, segments, & metrics.
workspace.viewer
View-only permissions for all entities in the workspace.
Roles management
Via Aporia platform
As an account admin you can manage roles as follows:
Log in to the Aporia platform
Go to the
TeamspageManage your account and workspace level permissions by adding, removing, and editing roles.
Last updated
