Skip to main content

Roles and Permissions

Access permissions in Rill Cloud are organized into roles at the project and organization level. In most cases, it should be sufficient to grant access at the organization level because those permissions are inherited for projects by default.

Role inheritance

Some project-level roles can be inherited from the organization-level:

  • Users with read_projects permission on an organization get viewer role on all projects in the organization.
  • Users with manage_projects permission on an organization get admin role on all projects in the organization.

Organization-level permissions

There are two roles available at the organization-level: Viewer and Admin.

PermissionDescriptionViewerAdmin
read_orgView basic info about the organization
manage_orgChange organization settings
read_projectsAct as a viewer on all projects in the organization
create_projectsCreate new projects in the organization
manage_projectsAct as an admin on all projects in the organization
read_org_membersView members of the organization
manage_org_membersAdd, remove or change roles of organization members

Project-level permissions

There are two roles available at the project-level: Viewer and Admin.

PermissionDescriptionViewerAdmin
read_projectView basic info about the project
manage_projectChange project settings
read_prodView dashboards deployed from the production (main) branch
read_prod_statusView logs for the production deployment
manage_prodTrigger actions on the production deployment
read_project_membersView members of the project
manage_project_membersAdd, remove or change roles of project members
create_magic_auth_tokensCreate shareable URLs
manage_magic_auth_tokensRemove shareable URLs created by others
create_reportsCreate and edit new scheduled reports
manage_reportsEdit and change scheduled reports created by others
create_alertsCreate and edit new alerts
manage_alertsEdit and change alerts created by others
create_bookmarksCreate and edit new bookmarks
manage_bookmarksEdit and change bookmarks created by others

User group-level permissions

There are two roles available at the user group-level: Viewer and Admin.

PermissionDescriptionViewerAdmin
read_projectView basic info about the project
manage_projectChange project settings
read_prodView dashboards deployed from the production (main) branch
read_prod_statusView logs for the production deployment
manage_prodTrigger actions on the production deployment
read_project_membersView members of the project
manage_project_membersAdd, remove or change roles of project members
create_magic_auth_tokensCreate shareable URLs
manage_magic_auth_tokensRemove shareable URLs created by others
create_reportsCreate and edit new scheduled reports
manage_reportsEdit and change scheduled reports created by others
create_alertsCreate and edit new alerts
manage_alertsEdit and change alerts created by others
create_bookmarksCreate and edit new bookmarks
manage_bookmarksEdit and change bookmarks created by others