What are roles?

Last updated: Dec 18, 2024
HEALTH TECH VENDOR
HCO
PRODUCT OWNER

A user's permissions within a Redox organization are determined by their assigned roles. Each user may be assigned to one organization role per organization and one environment role per environment. Before managing roles, though, you must add a user to a Redox organization.

Organization owners may assign organization roles. Both organization owners and admins may assign environment roles. Learn how to manage user roles.

Organization roles

An organization role determines the capabilities and access a user has within an organization. This includes more administrative type of capabilities within an organization.

There are three organization roles:

  • owner
  • admin
  • member

A user’s organizational role doesn't impact their assigned environment role, and vice versa.

Organization role requirements

An organization must have at least one owner, but there are no requirements for admins or members. On the flip side, there are no limits for how many owners, admins, or members an organization has.

We recommend having a minimum of two owners. That way, you won't lose access to your organization if an owner is unavailable or leaves the company. Since there's no limit, though, assign the number of owners that makes sense, depending on your company's needs.

Default roles

All new users joining an organization are automatically assigned to a member role by default.

Removing an organization role

Removing a user means that they lose access to the entire organization and all its environments. This means they'll no longer see that the organization even exists. Learn how to remove a user from a Redox organization.

Role permissions

A user may only be assigned one organization role at a time. These are the available organization roles and related permissions.

Permission
Member
Admin
Owner
Manage organization profile
X
Delete an organization
X
View organization roles
X
X
Manage single sign-on (SSO)
X
Manage user invitations
X
X
Manage organization roles and review audit events
X
View and manage environment roles
X
X
Request new connection
X
X
X

Environment role

An environment role determines the capabilities and access a user has within an environment. This includes more technical type of capabilities within an organization.

There are three available environment roles:

  • observer
  • support
  • engineer

Some of these roles have overlapping permissions and capabilities, but usually to serve different purposes within the environment.

Environment role requirements

A user isn't required to have an environment role. An owner or admin can change or remove the default role assignments, depending on access needs. Just note that without an environment role, the user has zero access to a given environment, meaning they won't even be able to see it exists. And an owner or admin can always reassign an environment role later if a user is removed from an environment.

A user may only have one environment role per environment, but if they're part of multiple environments, they can have different roles assignments in different environments. For example, if you had a user named Stephanie Wong, Stephanie could be assigned to an engineer role in development, an observer in staging, and no role for production.

Default roles

All new users joining an organization are automatically assigned to these environment roles by default, depending on the environment type.

  • Development: Engineer
  • Staging: Engineer
  • Production: Observer

Removing an environment role

Removing a user's environment means that they lose access only to the environment, not the entire organization. This means they'll no longer see that the environment even exists within the organization. Learn how to remove a user's environment role.

Role permissions

A user may only be assigned one environment role per environment. These are the available organization roles and related permissions.

Permission
Observer
Support
Engineer
View connectivity settings (i.e., sources, destinations, auth credentials)
X
X
X
Manage connectivity settings (i.e., sources, destinations, auth credentials)
X
View connections
X
X
X
View data operations
X
X
X
Manage data operations
X
X
Search and view log metadata
X
X
X
Search and view log payloads* (including log inspector)
X
X
Retry logs
X
X
Use developer test tools
X
View alert setup and history
X
X
X
Manage alert rules
X
X

*You can search log payloads in both the Redox dashboard and the Redox Platform API. However, you can only review the contents of log payloads in the dashboard. Platform API responses only contain log metadata for matching log results.