What is RBAC?
Role-Based Access Control (RBAC) allows you to manage permissions for team members through roles. Instead of assigning individual permissions, you assign roles that contain predefined permission sets.Key Concepts
Roles
Predefined sets of permissions that determine what a user can do:- Owner: Full account access
- Admin: Manage resources and team members
- Developer: Create and manage resources
- Viewer: Read-only access
Permissions
Granular actions that can be performed:- Create/delete instances
- Manage billing
- View resources
- Manage team members
Users
Team members who are assigned roles.Default Roles
Owner
- Full account control
- Billing management
- Delete account
- Manage all roles
Admin
- Create/manage all resources
- Manage team members
- View billing
- Cannot delete account
Developer
- Create/manage instances
- Manage networking
- Cannot access billing
- No team management
Viewer
- View all resources
- Generate reports
- Cannot make changes
- No billing access
Getting Started
1
Invite Team Members
Go to Settings → Team and click “Invite Member”
2
Assign Role
Select a role for the new team member
3
Send Invitation
The member will receive an email invitation
Custom Roles
Create custom roles with specific permissions:- Navigate to Settings → Roles
- Click “Create Role”
- Name your role
- Select permissions
- Save the role
Best Practices
Start with the principle of least privilege. Grant only necessary permissions.
- Use viewer roles for contractors and auditors
- Limit billing access to trusted administrators
- Review team access quarterly
- Remove access immediately when team members leave