Use roles to manage access, not exceptions

Nubis uses role-based access control so teams can manage access consistently across compute, networking, storage, billing, and identity workflows. The goal is to make access predictable as the platform grows.

Core RBAC concepts

Roles

Roles bundle permissions into a reusable access model for a person or service account.

Permissions

Permissions are the individual actions a role can perform across billing, IAM, projects, compute, storage, networking, and support workflows.

Identities

Identities include both people and automation actors, such as CI/CD service accounts.

Default role guidance

Owner

Full administrative control, including billing, IAM, and organization-wide operations.

Admin

Broad operational control for infrastructure and team management without needing owner-only powers.

Member

Day-to-day access for contributors who should work within defined operational boundaries.

Service account

Automation identity for CI/CD, provisioning, and system integrations without relying on personal credentials.

  1. Keep billing and IAM rights narrow.
  2. Use members or custom roles for routine engineering work.
  3. Create service accounts for automation instead of sharing personal keys.
  4. Review elevated roles as part of your regular operating cadence.

Good RBAC habits

  • Prefer least privilege over blanket access.
  • Avoid using owners for normal day-to-day work.
  • Keep production access more restrictive than development access.
  • Remove stale identities quickly when people or systems no longer need them.