Skip to main content

RBAC & Permissions Overview

Role-Based Access Control (RBAC) in the Workspace platform helps you manage who can access what in your organization. This system ensures that team members have exactly the permissions they need to do their job - nothing more, nothing less.

What is RBAC?

RBAC is a security model that controls access to resources based on the roles assigned to users. Instead of managing permissions for each individual user, you create roles (like "Project Manager" or "Developer") and assign permissions to those roles. Then you simply assign the appropriate roles to your team members.

Key Benefits

  • Enhanced Security: Control exactly who can access sensitive resources
  • Simplified Management: Manage permissions through roles instead of individual users
  • Scalability: Easily onboard new team members by assigning appropriate roles
  • Compliance: Meet security requirements and audit trails
  • Flexibility: Fine-grained control over specific actions and resources

Core Concepts

Roles

Think of roles as job titles that define what someone can do in Workspace Platform:

  • Examples: "Workspace Admin", "Project Manager", "Developer", "Viewer"
  • Each role contains a collection of permissions
  • Users can have multiple roles
  • Roles are specific to your workspace

Permissions

Permissions are specific actions someone can perform:

  • Examples: "Create Projects", "Delete Workflows", "View Reports", "Manage Team Members"
  • Permissions are grouped by what they control (workspace, project, team, etc.)
  • Some permissions are standard (read, write, delete), others are specific to resource types

Resources

Resources are the things you want to control access to:

  • Workspace: Your organization's main container
  • Projects: Individual projects and initiatives
  • Teams: Groups of users working together
  • Workflows: Automated processes and systems
  • Bots: AI agents and automated tools

Resource Hierarchy

The Workspace platform organizes access in a clear hierarchy:

Organization
└── Workspace
    ├── Team
    ├── Project
    │   ├── Workflow
    │   ├── Bot
    │   └── Knowledge Base
    └── Billing Account

Important: Permissions granted at higher levels can affect lower levels. For example, someone with "Create Projects" permission at the workspace level can create projects that contain workflows and bots.

How RBAC Works in Workspace Platform

  1. Administrator Sets Up Roles: Workspace admins create roles with appropriate permissions
  2. Users Get Assigned Roles: Team members are assigned one or more roles
  3. Access is Controlled: When users try to perform actions, the system checks their roles and permissions
  4. Permissions are Inherited: Team-based permissions apply to all team members

Common Permission Types

Standard Permissions

Every resource type has these basic permissions:

  • Read: View the resource and its details
  • Write/Update: Modify the resource
  • Delete: Remove the resource
  • All: Complete control over the resource

Workspace-Level Permissions

  • Manage Members: Add/remove users from the workspace
  • Manage Roles: Create and modify roles
  • Create Projects: Set up new projects and initiatives
  • Create Teams: Organize users into teams
  • View Billing: Access billing and usage information

Project-Level Permissions

  • Deploy: Deploy systems and processes to production
  • Export Data: Download project data and configurations
  • Manage Project Members: Control who can access the project

Team-Level Permissions

  • Add Members: Invite users to join the team
  • Remove Members: Remove users from the team
  • Manage Team Settings: Modify team configuration

Visibility vs Permissions

The Workspace platform separates visibility from permissions:

  • Visibility: Determines who can see a resource exists
  • Permissions: Determines what someone can do with a resource

Example: A project might be visible to all workspace members (so they know it exists), but only certain users have permission to edit it.

Visibility Levels

  • Public: Everyone in the workspace can see it
  • Private: Only the creator can see it
  • Team: Only team members can see it
  • Custom: Specific users or groups can see it

Getting Started

Ready to set up RBAC for your workspace? Here's what you'll typically do:

  1. Review Default Roles: Start with pre-configured roles
  2. Create Custom Roles: Build roles specific to your organization
  3. Assign Permissions: Configure what each role can do
  4. Manage Users: Add team members and assign their roles
  5. Handle Common Scenarios: Learn from real-world examples

Best Practices

  • Start Small: Begin with basic roles and add complexity as needed
  • Follow Least Privilege: Give users only the permissions they need
  • Use Descriptive Names: Make role names clear and understandable
  • Regular Reviews: Periodically audit who has what access
  • Document Decisions: Keep notes on why certain permissions were granted

Need Help?

  • Check our Common Scenarios for real-world examples
  • Review Troubleshooting for solutions to common issues
  • Contact your workspace administrator for permission requests
  • Reach out to your system administrator for technical assistance

Next Steps: Learn how to get started with RBAC in your workspace.