Comment on page
Role Based Access Control
Ozone RBAC lets you define and control the scope of access to all your resources for your team members. There are two broad accesses available on Ozone: Account and Project level. The scope of access is customizable on a granular level thanks to Ozone’s flexible role configurations. Before proceeding, let’s have a look at the main Ozone RBAC components:
- Roles: These are completely customizable permissions that can be created for a given user role within a team. Once a role is defined, it can be applied to the relevant users in a jiffy after they are added onto the platform.
- Admin: This user group has access to all of Ozone's functionalities including licensing, billing, audits and notification settings. This is equivalent to super-users
- Users: Irrespective of their role or designation, any individual who is able to sign into Ozone is a user. He/she can be a part of multiple accounts and projects within the Ozone platform.
- Project Admin: This user group has full access in the context of a set of projects. A user who is assigned this role can manage all CI/CD resources and control RBAC for users within the context of those set of projects.
- Account Members: Account members who have accepted the invites (both manual and from SSO) are available to be invited to projects with a project contextual RBAC role assigned to them.
Unlike other platforms, Ozone does not restrict its users with pre-defined roles. Admins are free to create roles with custom permissions that best suite their team and project structure. These roles can then be assigned to users once they are added to the project or account.
Here’s a look at the permission levels that can be customized while creating user roles:
View and create roles
Select “Account Management” from the left hand menu. Click on the roles tab. This screen will show all the roles that have been defined. You can edit the roles or simply create a new one by clicking on the “Create Role” button.
Enter the role name (Software Developer, SRE, etc), a brief description and enable the relevant permissions needed for that role. Refer to the table mentioned earlier in this section for all the project permissions available on Ozone.
Once the relevant permissions are selected for the role, click on “Create” and the newly added role should be visible in the list view screen.