Skip to main content

Role Based Access

Initializ.ai employs Role-Based Access Control (RBAC) with three predefined roles: Developer, Admin, and Workspace Admin, each designed with specific permissions. These roles ensure streamlined access management and robust security, aligning user privileges with their organizational responsibilities.

Organization Level Access-control

  • Admin Role

    The organization's Admin has full access to all platform resources available under the current plan.

  • Workspace Admin Role

    • workspace

      • The Workspace Admin has the authority to create workspaces.
      • The Workspace Admin can delete the accessible workspaces.

    • Managing user at organization level

      • The Workspace admin can not invite users to the organization; only users with the Admin role have the permission to invite new users.
      • The workspace admin can not remove users from the organization.

    • Environments Access

      • The workspace admin do not have access to the environments section.

        Clusters :

        • The workspace admin can not Access existing clusters.
        • The workspace admin can not import/create cluster.
        • The workspace admin can not download cluster configuration.
        • The workspace admin can not delete clusters.

        Registry :

        • The workspace admin can not Access existing registries/registry.
        • The workspace admin can not import/create registry.
        • The workspace admin can not edit registry details.
        • The workspace admin can not download registry configuration.
        • The workspace admin can not delete registry.

    • Observability

      • The workspace admin have access to the observability section.

        Metrics

        • The workspace admin can access RED (Request rate, Error rate, Duration in ms) metrics for all applications across the accessible workspaces.

        Logs

        • The workspace admin can search logs and view the search history of past log queries.

        Forwarding

        • The workspace admin has access to all log sinks within the organization but does not have the permissions to create, delete, or edit any log sinks.

    • Security

      • The workspace admin has access to all sections of the security screen for all applications across all accessible workspaces.

    • Access Token

      • workspace admin is authorized to create the access token as well as delete the access token

    • Secret Management

      • A user with the workspace admin role is not authorized to access the Secret Management section.

    • Billing

      • The workspace admin does not have authorization to access the organization's billing section.

  • Developer Role

    • workspace

      • The user with developer role do not have authority to create workspace.
      • The developer can not delete the accessible workspaces.

    • Managing user at organization level

      • The developer can not invite users to the organization; only users with the admin role have the permission to invite new users.
      • The developer can not remove the user from the organization.

    • Environments Access

      • The user with developer role do not have access to the environments section.

        Clusters :

        • The user with developer role can not Access existing clusters.
        • The user with developer role can not import/create cluster.
        • The user with developer role can not download cluster configuration.
        • The user with developer role can not delete clusters.

        Registry :

        • The user with developer role admin can not Access existing registries/registry.
        • The user with developer role admin can not import/create registry.
        • The user with developer role admin can not edit registry details.
        • The user with developer role admin can not download registry configuration.
        • The user with developer role admin can not delete registry.

    • Observability

      • The user with developer role have access to the observability section.

        Metrics

        • The user with developer role can access RED (Request rate, Error rate, Duration in ms) metrics for all applications across the accessible workspaces.

        Logs

        • The user with developer role can search logs and view the search history of past log queries.

        Forwarding

        • The user with developer role has access to all log sinks within the organization but does not have the permissions to create, delete, or edit any log sinks.

    • Security

      • The user with developer role has access to all sections of the security screen for all applications across all accessible workspaces.

    • Access Token

      • user with developer role is not authorized to create the access token as well as delete the access token

    • Secret Management

      • A user with the developer role is not authorized to access the Secret Management section.

    • Billing

      • The developer does not have authorization to access the organization's billing section.

Workspace Level Access-control

  • Admin Role

    The organization's Admin has full access to all platform resources available under the current plan.

  • Workspace admin Role

    • Managing user at workspace level

      • Workspace admin is authorized to add the user to the accessible workspaces.
      • Workspace admin can add user for the workspace admin and developer role.
      • Workspace admin can remove the user from the workspace.

    • Application

      • The workspace admin has the ability to create applications within the accessible workspace.
      • Workspace admin can delete the Applications from the accessible workspaces.

    • AI Endpoint

      • The workspace admin can create AI Endpoints within their accessible workspaces.
      • The workspace admin can delete AI Endpoints within their accessible workspaces.

    • Databases

      • The workspace admin can create databases within their accessible workspaces.
      • The workspace admin can edit all databases within their accessible workspaces.
      • The workspace admin can delete any database within their accessible workspaces.

    • Activity

      • The workspace admin can See the activity for the accessible workspace and all the applications within the workspaces.

  • Developer Role

    • Managing user at workspace level

      • Developer is not authorized to add the user to the accessible workspaces.
      • Developer can not remove the user from the workspace.

    • Application

      • Developer has the ability to create applications within the accessible workspace.
      • The developer can not delete the application from the accessible workspaces.

    • AI Endpoint

      • The developer can not create AI Endpoints within their accessible workspaces.
      • The developer can not delete AI Endpoints within their accessible workspaces.

    • Databases

      • The developer can create databases within their accessible workspaces.
      • The developer can edit all the databases within their accessible workspaces.
      • The workspace admin can not delete database within their accessible workspaces.

    • Activity

      • The workspace admin can See the activity for the accessible workspace and all the applications within the workspaces.

Last updated on