Your user role determines what you’re allowed to see and do within your Redox organization and its environments. As a fundamental part of access control, user roles help you:
- Enforce the principle of least privilege: Grant team members only the permissions they need to do their jobs, reducing the risk of accidental changes or security breaches.
- Streamline team management: Assign predefined roles (e.g., engineer, support) instead of manually configuring permissions for every new user.
- Facilitate separate duties: Distinguish between administrative tasks (like managing users) and technical tasks (like configuring integrations) by assigning separate organization and environment roles.
Organization owners can assign organization roles. Both organization owners and admins may assign environment roles. Learn how to manage user roles.
Before managing roles, though, you must add a user to a Redox organization.
To view and interact with a Redox organization, a user must be assigned to one organization role. However, a user can be part of an organization without having access to any of its environments.
To view and interact with an environment, a user must be assigned to one environment role. A user is required to have an environment role in every environment they should have access to. This means a user can have access to only one environment, two environments, or all three environments in an organization.
An organization role is for administrative, company-level tasks.
There are three types of organization roles:
- Owner: A user who creates a Redox organization is its owner. This is typically for team leads, who need complete control over the administration of the organization.
- Admin: Every owner needs helpers. Admins can assist in managing environment roles and user invitations without permission to modify the organization itself. This is typically for project managers or other team leads who need some, but not all, administrative access.
- Member: Some users might need to interact within an environment but not need to perform any administrative tasks for the organization. This is typically for technical users who need to accomplish technical tasks, not administrative ones.
A user’s organization role doesn’t impact their assigned environment role, and vice versa.
An organization must have at least one owner, but there are no requirements for admins or members. However, there are no limits to how many owners, admins, or members an organization has.
We recommend having a minimum of two owners. That way, you won’t lose access to your organization if an owner is unavailable or leaves the company. Since there’s no limit, though, assign the number of owners that makes sense, depending on your company’s needs.
All new users joining an organization are automatically assigned to a member role by default.
Removing a user means they lose access to the entire organization and all its environments. This means they’ll no longer see that the organization even exists. Learn how to remove a user from a Redox organization.
A user can only be assigned one organization role at a time. These are the available organization roles and related permissions.
Permission | Member | Admin | Owner |
|---|---|---|---|
Manage organization profile | X | ||
Delete an organization | X | ||
View organization roles | X | X | |
Manage single sign-on (SSO) | X | ||
Manage user invitations | X | X | |
Manage organization roles and review audit events | X | ||
View and manage environment roles | X | X | |
Request new connection | X | X | X |
View VPN configurations | X | X | X |
An environment role is for technical, hands-on integration tasks.
There are three types of environment roles:
- Engineer: These are technical power users who have full control to configure, build, and troubleshoot integrations within an environment. This role is for your developer team members.
- Support: Whenever there’s a hiccup that needs troubleshooting, you want support on hand. Support users have all the insight without the access to build out your connections.
- Observer: Sometimes users just need to peek at the environment to get an understanding of the status of your connections and subscriptions without changing anything. This is typically for product managers or executives who need partial insight.
Some of these roles have overlapping permissions and capabilities, but usually serve different purposes within the environment.
A user isn’t required to have an environment role. An owner or admin can change or remove the default role assignment, depending on access needs. Without an environment role, however, the user has zero access to the environment. That means they won’t even be able to see that it exists. An owner or admin can always reassign an environment role later if a user is removed from an environment.
A user can only have one environment role per environment. However, if they’re part of multiple environments, they can have different role assignments in each environment. For example, if you have a user named Stephanie Wong, Stephanie could be assigned to an engineer role in development, an observer role in staging, and no role for production.
All new users joining an organization are automatically assigned to these environment roles by default, depending on the environment type.
- Development: Engineer
- Staging: Engineer
- Production: Observer
Removing a user’s environment role means they lose access to the environment, not the entire organization. The user will no longer see that the environment even exists within the organization. Learn how to remove a user’s environment role.
A user may only be assigned one environment role per environment. These are the available environment roles and related permissions.
Permission | Observer | Support | Engineer |
|---|---|---|---|
View connectivity settings (i.e., sources, destinations, auth credentials) | X | X | X |
Manage connectivity settings (i.e., sources, destinations, auth credentials) | X | ||
View connections | X | X | X |
Manage connections (i.e., delete subscriptions) | X | ||
View data operations | X | X | X |
Manage data operations | X | X | |
Search and view log metadata | X | X | X |
Search and view log payloads* (including log inspector) | X | X | |
Retry logs | X | X | |
Use developer test tools | X | ||
View alert rules | X | X | X |
Manage alert rules | X | X |
*You can search log payloads in both the Redox dashboard and the Redox Platform API. However, you can review the contents of log payloads in the dashboard. Platform API responses only contain log metadata for matching log results.