Access Control & Authorization (RBAC)
At each level of the account hierarchy there are different roles with different permissions. Access is inherited from top (account level) to bottom (space level). Therefore account admins have admin access to all organizations and all spaces in the account.
Roles and access are managed on the Members tab at the Account, Organization, and/or Space Settings pages. At each level admins can change roles of members, invite members, and restrict access.
Below is a high level overview of the roles and related permissions at each level.
Admin - Has full access to all entities in the account.
Member - Access is determined by organization and space roles.
Action | Admin | Member |
User management
| ✅ | ❌ |
Create organizations | ✅ | ❌ |
Admin - Has full access to all entities in the organization.
Member - Has partial access at the organizational level. Can create spaces and integration keys. Can only edit or delete integration keys they create. Space access is determined by space role.
Read-only Member - Has read only access to the organization. Cannot create spaces nor integration keys. Public space access is read-only unless added to the space. Private space access is determined by space role.
Action | Admin | Member | Read-only Member |
Organization Member management
| ✅ | ❌ | ❌ |
Create spaces | ✅ | ✅ | ❌ |
View public spaces | ✅ | ✅ | ✅ |
Edit public spaces | ✅ | ✅ | ❌ (unless explicitly added) |
View private spaces | ✅ | If added to space: ✅ If not: ❌ | If added to space: ✅ If not: ❌ |
Create integration keys | ✅ | ✅ | ❌ |
Edit / delete integration keys | ✅ | If creator: ✅
If not: ❌ | ❌ |
Admin - Has full access to all entities in the space.
Member - Has write access to entities associated to models (e.g., monitors) but does not have access to API keys, model creation, or membership management.
Read-only Member - Has read-only access to entities in the space.
Action | Admin | Member | Read-only Member |
Access to SDK API Key | ✅ | ❌ | ❌ |
Space Member management
| ✅ | ❌ | ❌ |
Delete models | ✅ | ❌ | ❌ |
Create and delete file import jobs | ✅ | ❌ | ❌ |
Update model settings | ✅ | ✅ | ❌ |
Create/Edit Dashboards | ✅ | ✅ | ❌ |
Create/Edit Monitors | ✅ | ✅ | ❌ |
Create/Edit Projects | ✅ | ✅ | ❌ |
View model entities (monitors, dashboards etc.) | ✅ | ✅ | ✅ |
Last modified 23d ago