Role Based Access Control (RBAC)

CoreStandardProEnterprise FlexSelf-Managed Enterprise Compare

Role Based Access Control allows a user with Administrative access to apply roles to users, granting different levels of permission within an Organization or Workspace.

info

Self-Managed Enterprise instances have an Instance Admin role in addition to the other roles outlined in this document. The first user who logs on to Airbyte in a Self-Managed Enterprise instance will be assigned this role. This user will have all permissions listed below for all workspaces and all organizations associated with their Enterprise account. To update this assignment, enterprise customers should contact Airbyte support.

Organization Resource Roles

Permissions are scoped to the given Organization for which the user has this role, and any Workspaces within.

Permissions	Member	Reader	Runner	Editor	Admin
Read Organization Read individual organizations	X	X	X	X	X
Create Workspace Create new workspace within a specified organization Delete a workspace				X	X
Update Organization Modify organization settings, including billing, PbA, SSO Modify user roles within the organization					X

Workspace Resource Roles

Permissions are scoped to the specific Workspace in which the user has this role.

Permissions	Reader	Runner	Editor	Admin
Read Workspace List the connections in a workspace Read individual connections Read workspace settings (data residency, users, connector versions, notification settings)	X	X	X	X
Sync Connection Start/cancel syncs and refreshes		X	X	X
Modify Connector Settings Create, modify, delete sources and destinations in a workspace			X	X
Update Connection Modify a connection, including name, replication settings, normalization, DBT Clear connection data Create/Delete a connection Create/Update/Delete connector builder connectors			X	X
Update Workspace Update workspace settings (data residency, users, connector versions, notification settings) Modify workspace connector versions				X

Setting Roles

1. In the navigation bar, click Workspace settings or Organization settings > Members.

2. In the table, under Workspace role, click the current role and then select a new role.

   • You can't demote admins.

   • If you're assigning roles in a workspace, you can't assign a role that's more restricted than the role that person holds in the organization. For example, an organization admin must also be a workspace admin. However, an organization reader can be a workspace reader, editor, or admin.