A user's permissions within a Redox organization are determined by their assigned roles. Each user may be assigned to one organization role per organization and one environment role per environment. Before managing roles, though, you must add a user to a Redox organization.
Organization owners may assign organization roles. Both organization owners and admins may assign environment roles. Learn how to manage user roles.
An organization role determines the capabilities and access a user has within an organization. This includes more administrative type of capabilities within an organization.
There are three organization roles:
- owner
- admin
- member
A user’s organizational role doesn't impact their assigned environment role, and vice versa.
An organization must have at least one owner, but there are no requirements for admins or members. On the flip side, there are no limits for how many owners, admins, or members an organization has.
We recommend having a minimum of two owners. That way, you won't lose access to your organization if an owner is unavailable or leaves the company. Since there's no limit, though, assign the number of owners that makes sense, depending on your company's needs.
All new users joining an organization are automatically assigned to a member role by default.
Removing a user means that they lose access to the entire organization and all its environments. This means they'll no longer see that the organization even exists. Learn how to remove a user from a Redox organization.
A user may only be assigned one organization role at a time. These are the available organization roles and related permissions.
Permission | Member | Admin | Owner |
---|---|---|---|
Manage organization profile | X | ||
Delete an organization | X | ||
View organization roles | X | X | |
Manage single sign-on (SSO) | X | ||
Manage user invitations | X | X | |
Manage organization roles and review audit events | X | ||
View and manage environment roles | X | X | |
Request new connection | X | X | X |
An environment role determines the capabilities and access a user has within an environment. This includes more technical type of capabilities within an organization.
There are three available environment roles:
- observer
- support
- engineer
Some of these roles have overlapping permissions and capabilities, but usually to serve different purposes within the environment.
A user isn't required to have an environment role. An owner or admin can change or remove the default role assignments, depending on access needs. Just note that without an environment role, the user has zero access to a given environment, meaning they won't even be able to see it exists. And an owner or admin can always reassign an environment role later if a user is removed from an environment.
A user may only have one environment role per environment, but if they're part of multiple environments, they can have different roles assignments in different environments. For example, if you had a user named Stephanie Wong, Stephanie could be assigned to an engineer role in development, an observer in staging, and no role for production.
All new users joining an organization are automatically assigned to these environment roles by default, depending on the environment type.
- Development: Engineer
- Staging: Engineer
- Production: Observer
Removing a user's environment means that they lose access only to the environment, not the entire organization. This means they'll no longer see that the environment even exists within the organization. Learn how to remove a user's environment role.
A user may only be assigned one environment role per environment. These are the available organization roles and related permissions.
Permission | Observer | Support | Engineer |
---|---|---|---|
View connectivity settings (i.e., sources, destinations, auth credentials) | X | X | X |
Manage connectivity settings (i.e., sources, destinations, auth credentials) | X | ||
View connections | X | X | X |
View data operations | X | X | X |
Manage data operations | X | X | |
Search and view log metadata | X | X | X |
Search and view log payloads* (including log inspector) | X | X | |
Retry logs | X | X | |
Use developer test tools | X | ||
View alert setup and history | X | X | X |
Manage alert rules | X | X |
*You can search log payloads in both the Redox dashboard and the Redox Platform API. However, you can only review the contents of log payloads in the dashboard. Platform API responses only contain log metadata for matching log results.