Role Based Access Control (RBAC)

Aporia supports full role based access control. Using account-level and workspace-level permissions, users will only have access to the data and actions for which they are permitted.

Aporia roles & permissions

Account level roles

An account is the highest level entity in Aporia and represents your company/organization.

Every user in Aporia must be associated with an account. There are two types of roles at the account level:

Account Role	Permissions
account.admin	Account admins can manage users (invite new users & update their associated permissions/roles). Account admins are admins of all workspaces in their account (top-down inheritance).
account.member	Account members (the default permission of a user) can access the Aporia platform in your organization's account.

Account Role

Permissions

account.admin

Account admins can manage users (invite new users & update their associated permissions/roles). Account admins are admins of all workspaces in their account (top-down inheritance).

account.member

Account members (the default permission of a user) can access the Aporia platform in your organization's account.

An account.admin may create multiple workspaces within your Aporia account.

Workspace level roles

A workspace is a silo created for separate teams. Each workspace represents a team/group within your organization and acts as an independent entity, i.e. a workspace encapsulate models, dashboards, monitors, etc. and these entities are not shared between workspaces.

There are three types of roles at the workspace level:

Workspace Role	Permissions
workspace.admin	Manage user permissions of existing workspace users and ability to invite existing account members to the respective workspace. Edit & view permissions across all Aporia entities within the workspace, i.e. models, versions, dashboards, monitors, segments, & metrics.
workspace.editor	Edit & view permissions across all Aporia entities within a workspace, i.e. models, versions, dashboards, monitors, segments, & metrics.
workspace.viewer	View-only permissions for all entities in the workspace.

Workspace Role

Permissions

workspace.admin

Manage user permissions of existing workspace users and ability to invite existing account members to the respective workspace. Edit & view permissions across all Aporia entities within the workspace, i.e. models, versions, dashboards, monitors, segments, & metrics.

workspace.editor

Edit & view permissions across all Aporia entities within a workspace, i.e. models, versions, dashboards, monitors, segments, & metrics.

workspace.viewer

View-only permissions for all entities in the workspace.

Roles management

Via Aporia platform

As an account admin you can manage roles as follows:

Log in to the Aporia platform
Go to the Teams page
Manage your account and workspace level permissions by adding, removing, and editing roles.

PreviousCisco NextAPI Extended Reference

Last updated 1 year ago