Roles are used to define a set of permissions that you can assign to individuals or groups. Organization-level roles control the Superblocks features members can access, the administrative actions they can perform, and the level of access users have to all current and future resources created in the org. Note, organization-level roles differ from resource-level roles that give users access to specific Applications, Integrations, Workflows, etc. For more information, see About resource roles.
Built-in organization roles
Each Superblocks organization, by default comes out of the box with the following built-in roles. These roles are non-editable and are based on common patterns of permissions organizations usually need.- Owner: Each Superblocks organization has a primary Owner. This person is considered the controller of all org data. Only they can request to delete users, delete the organization, or request plan and billing changes.
- Admin: Admins help manage their organization, including members, groups, and settings. Admins can also access all of the organization’s resources to help manage access to these resources.
- Developer: The default non-administrative role is Developer. Developers build and maintain your company’s tooling. They can’t change org settings, but otherwise have read-only access to most of your org’s settings.
- End-User: End-Users have the lowest level of access in Superblocks. They have read-only access to the platform, can’t view most org settings, and can only access resources they’ve been given access to.
Permissions for built-in organization roles
The built-in organization roles have the following permissions. For a full list of permissions that can be assigned with organization roles, see the permissions reference| Resource | Permission | Owner | Admin | Developer | End-User |
|---|---|---|---|---|---|
| Access tokens | access_tokens:manage | ✓ | ✓ | ✗ | ✗ |
access_tokens:read | ✓ | ✓ | ✗ | ✗ | |
| Agents | agents:manage | ✓ | ✓ | ✗ | ✗ |
agents:read | ✓ | ✓ | ✓ | ✗ | |
| Applications | apps:create | ✓ | ✓ | ✓ | ✗ |
apps:update | ✓ | ✓ | ✓ | ✗ | |
apps:deploy | ✓ | ✓ | ✓ | ✗ | |
apps:delete | ✓ | ✓ | ✗ | ✗ | |
apps:manage_visibility | ✓ | ✓ | ✗ | ✗ | |
apps:share | ✓ | ✓ | ✗ | ✗ | |
apps:preview | ✓ | ✓ | ✓ | ✗ | |
apps:view | ✓ | ✓ | ✓ | ✓ | |
| Folders | folders:manage | ✓ | ✓ | ✓ | ✗ |
| Groups | groups:manage | ✓ | ✓ | ✗ | ✗ |
groups:read | ✓ | ✓ | ✓ | ✓ | |
groups.members:manage | ✓ | ✓ | ✗ | ✗ | |
groups.members:read | ✓ | ✓ | ✓ | ✓ | |
| Integrations | integrations:create | ✓ | ✓ | ✓ | ✗ |
integrations:update | ✓ | ✓ | ✗ | ✗ | |
integrations:delete | ✓ | ✓ | ✗ | ✗ | |
integrations:share | ✓ | ✓ | ✗ | ✗ | |
integrations:build | ✓ | ✓ | ✓ | ✗ | |
| Logs | logs:read | ✓ | ✓ | ✓ | ✗ |
logs.streams:manage | ✓ | ✓ | ✗ | ✗ | |
logs.streams:read | ✓ | ✓ | ✗ | ✗ | |
| Org | org:manage | ✓ | ✗ | ✗ | ✗ |
org:read | ✓ | ✓ | ✓ | ✓ | |
org.users:manage | ✓ | ✓ | ✗ | ✗ | |
org.users:read | ✓ | ✓ | ✓ | ✓ | |
| Profiles | profiles:manage | ✓ | ✓ | ✗ | ✗ |
profiles:read | ✓ | ✓ | ✓ | ✗ | |
| Repositories | repos:manage | ✓ | ✓ | ✓ | ✗ |
repos:read | ✓ | ✓ | ✓ | ✗ | |
| Roles | roles:manage | ✓ | ✓ | ✗ | ✗ |
roles:read | ✓ | ✓ | ✓ | ✗ | |
| Scheduled Jobs | jobs:create | ✓ | ✓ | ✓ | ✗ |
jobs:update | ✓ | ✓ | ✓ | ✗ | |
jobs:deploy | ✓ | ✓ | ✓ | ✗ | |
jobs:delete | ✓ | ✓ | ✗ | ✗ | |
jobs:share | ✓ | ✓ | ✗ | ✗ | |
jobs:manage_schedule | ✓ | ✓ | ✓ | ✗ | |
jobs:run | ✓ | ✓ | ✓ | ✗ | |
| Secret stores | secrets_stores:manage | ✓ | ✓ | ✗ | ✗ |
| Workflows | workflows:create | ✓ | ✓ | ✓ | ✗ |
workflows:update | ✓ | ✓ | ✓ | ✗ | |
workflows:deploy | ✓ | ✓ | ✓ | ✗ | |
workflows:delete | ✓ | ✓ | ✗ | ✗ | |
workflows:share | ✓ | ✓ | ✗ | ✗ |