Your user role determines what you’re allowed to see and do within your Redox organization and its environments. As a fundamental part of access control, user roles help you:
- Enforce the principle of least privilege: Grant team members only the permissions they need to do their jobs, reducing the risk of accidental changes or security breaches.
- Streamline team management: Assign predefined roles (e.g., engineer, support) instead of manually configuring permissions for every new user.
- Facilitate separate duties: Distinguish between administrative tasks (like managing users) and technical tasks (like configuring integrations) by assigning separate organization and environment roles.
Organization owners can assign organization roles. Both organization owners and admins may assign environment roles. Learn how to manage user roles.
Before managing roles, though, you must add a user to a Redox organization.
To view and interact with a Redox organization, a user must be assigned to one organization role. However, a user can be part of an organization without having access to any of its environments.
To view and interact with an environment, a user must be assigned to one environment role. A user is required to have an environment role in every environment they should have access to. This means a user can have access to only one environment, two environments, or all three environments in an organization.
An organization role is for administrative, company-level tasks.
There are three types of organization roles:
- Owner: A user who creates a Redox organization is its owner. This is typically for team leads, who need complete control over the administration of the organization.
- Admin: Every owner needs helpers. Admins can assist in managing environment roles and user invitations without permission to modify the organization itself. This is typically for project managers or other team leads who need some, but not all, administrative access.
- Member: Some users might need to interact within an environment but not need to perform any administrative tasks for the organization. This is typically for technical users who need to accomplish technical tasks, not administrative ones.
A user’s organization role doesn’t impact their assigned environment role, and vice versa.
An organization must have at least one owner, but there are no requirements for admins or members. However, there are no limits to how many owners, admins, or members an organization has.
We recommend having a minimum of two owners. That way, you won’t lose access to your organization if an owner is unavailable or leaves the company. Since there’s no limit, though, assign the number of owners that makes sense, depending on your company’s needs.
All new users joining an organization are automatically assigned to a member role by default.
Removing a user means they lose access to the entire organization and all its environments. This means they’ll no longer see that the organization even exists. Learn how to remove a user from a Redox organization.
A user can only be assigned one organization role at a time. These are the available organization roles and related permissions.
Permission | Member | Admin | Owner |
|---|---|---|---|
Manage organization profile Edit details about the organization, including name, notification email address, and contact information. | X | ||
Delete an organization Delete free and pre-production organizations without live implementations. Production organizations may not be deleted. | X | ||
View organization roles View organization role assignments for users within your organization. | X | X | |
Manage single sign-on (SSO) Enable, disable, and configure the SSO setup for your organization. | X | ||
Add users to an organization Invite users to an organization, as well as view or delete pending invitations. | X | X | |
View and manage organization roles (including removing users and reviewing audit events) View or assign user organization roles, or remove a user from an organization altogether. Includes the ability to review audit events initiated by users in your organization.* | X | ||
View and manage environment roles View, assign, or remove user environment roles within your organization. | X | X | |
Request new connection Submit connection requests to integrate with new organizations. | X | X | X |
View VPN configurations View any VPNs that have been configured within your organization. | X | X | X |
*Audit events may contain confidential data.
An environment role is for technical, hands-on integration tasks.
There are three types of environment roles:
- Engineer: These are technical power users who have full control to configure, build, and troubleshoot integrations within an environment. This role is for your developer team members.
- Support: Whenever there’s a hiccup that needs troubleshooting, you want support on hand. Support users have all the insight without the access to build out your connections.
- Observer: Sometimes users just need to peek at the environment to get an understanding of the status of your connections and subscriptions without changing anything. This is typically for product managers or executives who need partial insight.
Some of these roles have overlapping permissions and capabilities, but usually serve different purposes within the environment.
A user isn’t required to have an environment role. An owner or admin can change or remove the default role assignment, depending on access needs. Without an environment role, however, the user has zero access to the environment. That means they won’t even be able to see that it exists. An owner or admin can always reassign an environment role later if a user is removed from an environment.
A user can only have one environment role per environment. However, if they’re part of multiple environments, they can have different role assignments in each environment. For example, if you have a user named Stephanie Wong, Stephanie could be assigned to an engineer role in development, an observer role in staging, and no role for production.
All new users joining an organization are automatically assigned to these environment roles by default, depending on the environment type.
- Development: Engineer
- Staging: Engineer
- Production: Observer
Removing a user’s environment role means they lose access to the environment, not the entire organization. The user will no longer see that the environment even exists within the organization. Learn how to remove a user’s environment role.
A user may only be assigned one environment role per environment. These are the available environment roles and related permissions.
Permission | Observer | Support | Engineer |
|---|---|---|---|
View connectivity settings View your organization’s configured sources, destinations, and related auth credentials. | X | X | X |
Manage connectivity settings Create, edit, and delete your organization’s configured, sources, destinations, and related auth credentials. | X | ||
View connections View your organization’s connections with the related details for each subscription. | X | X | X |
Manage connections Create or delete subscriptions. | X | ||
View data operations View any configured data processing operations in your organization (i.e., filters, translations, config modifiers). | X | X | X |
Manage data operations Create, edit, and delete any configured data processing operations in your organization (i.e., filters, translations, config modifiers). | X | X | |
View log metadata Search and view results with log metadata, errors, and retries for your environment. | X | X | X |
View log payloads* Search and view results with log metadata, payloads, errors, retries, and log inspector. Payloads may contain confidential data. | X | X | |
Retry logs Initiate a new attempt for an existing log, whether failed or successful. | X | X | |
View processor run metadata** Search and view results with processor run metadata for your environment. | X | X | X |
View processor run payloads and parameter values** Search and view results with processor run metadata, payloads, parameter values, errors, retries, and inspection. Payloads and parameter values may contain confidential data. | X | X | |
Use developer test tools Use Redox dashboard testing tools to send test messages with your environment’s configured sources or receiving test messages to configured destinations. | X | ||
View alert rules View any configured traffic alert rules within your environment, as well as any Redox system alerts. | X | X | X |
Manage alert rules Create, edit, or delete any configured traffic alert rules within your environment. | X | X |
*You can search log payloads in both the Redox dashboard and the Redox Platform API. However, you can review the contents of log payloads in the dashboard. Platform API responses only contain log metadata for matching log results.
** Processors are an open beta feature. Learn more about processors.