jprdonnelly/airbyte
1
0
Fork 0
mirror of synced 2025-12-21 11:01:41 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
yarden/source-mongodb-support-dynamic-arrays
airbyte/docs/platform/access-management/rbac.md
devin-ai-integration[bot] 4c03019e7e feat(docs): Add Navattic component for embedding Navattic demos (#69118) 
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: ian.alton@airbyte.io <ian.alton@airbyte.io>
2025-10-31 22:51:43 -07:00

46 lines
4.8 KiB
Markdown
Raw Permalink Blame History

---
products: oss-enterprise, cloud-teams
---
# Role-based access control (RBAC)
Role Based Access Control allows a user with Administrative access to apply roles to users, granting different levels of permission within an organization or workspace.
:::info
**Self-Managed Enterprise** instances have an `Instance Admin` role in addition to the other roles outlined in this document. Airbyte assigns this role to the first user who logs on to Airbyte in a Self-Managed Enterprise instance. This user has all permissions listed below for all workspaces and all organizations associated with their Enterprise account. To update this assignment, enterprise customers should contact [Airbyte support](https://support.airbyte.com/hc/en-us).
:::
## Organization roles
When you assign an organization role, Airbyte scopes permissions to the entire organization, which includes all workspaces in that organization.
| Permissions | Member | Reader | Runner | Editor | Admin |
| :--------------------------------------------------------------------------------------------------------------------------------------------------------- | :----: | :----: | :----: | :----: | :---: |
| **Read Organization**<br /><ul><li>Read individual organizations</li></ul> | X | X | X | X | X |
| **Create Workspace**<br /><ul><li>Create new workspace within a specified organization</li><li>Delete a workspace</li></ul> | | | | X | X |
| **Update Organization**<br /><ul><li>Modify organization settings, including billing, PbA, SSO</li><li>Modify user roles within the organization</li></ul> | | | | | X |
## Workspace roles
In a workspace role, Airbyte scopes permissions to that specific workspace. You can override an organization role by assigning someone a higher role in a workspace. However, you can't assign a role that's more restricted than the role that person holds in the organization. For example, an organization admin must also be a workspace admin. However, an organization reader can be a workspace reader, editor, or admin.
| Permissions | Reader | Runner | Editor | Admin |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :----: | :----: | :----: | :---: |
| **Read Workspace**<br /><ul><li>List the connections in a workspace</li><li>Read individual connections</li><li>Read workspace settings (data residency, users, connector versions, notification settings)</li></ul> | X | X | X | X |
| **Sync Connection**<br /><ul><li>Start/cancel syncs and refreshes</li></ul> | | X | X | X |
| **Modify Connector Settings**<br /><ul><li>Create, modify, delete sources and destinations in a workspace</li></ul> | | | X | X |
| **Update Connection**<br /><ul><li>Modify a connection, including name, replication settings, normalization, DBT</li><li>Clear connection data</li><li>Create/Delete a connection</li><li> Create/Update/Delete connector builder connectors</li></ul> | | | X | X |
| **Update Workspace**<br /><ul><li> Update workspace settings (data residency, users, connector versions, notification settings)</li><li> Modify workspace connector versions</li></ul> | | | | X |
## Best practices for assigning roles
- At the organization level, assign the lowest level of permission necessary.
- At the workspace level, assign higher roles for individual workspaces as needed to override organization role within that workspace.
- Don't assign admin roles frivolously. Once someone is an admin, you can't demote them.
## Setting roles
1. In the navigation bar, click **Workspace settings** or **Organization settings** > **Members**.
2. In the table, under **Workspace role**, click the current role and then select a new role.
Reference in New Issue View Git Blame Copy Permalink