> ## Documentation Index
> Fetch the complete documentation index at: https://docs.superblocks.com/llms.txt
> Use this file to discover all available pages before exploring further.
# About organization roles
> Use organization roles to determine the actions a user can perform within the Superblocks platform
export const PermissionMatrix = () => {
const Check = () => ✓;
const X = () => ✗;
const permissions = [{
"permission": "access_tokens:manage",
"permission_label": "Manage org access tokens",
"description": "Access to create, view, update, and delete org-wide access tokens.",
"ref": {
"title": "Manage access tokens",
"url": "/administration/security/access-tokens"
},
"resource": "Access tokens",
"roles": ["Owner", "Admin"]
}, {
"permission": "access_tokens:read",
"permission_label": "View org access tokens",
"description": "Access to view org-wide access tokens. Can only view token metadata, not token values.",
"ref": {
"title": "Manage access tokens",
"url": "/administration/security/access-tokens"
},
"resource": "Access tokens",
"roles": ["Owner", "Admin"]
}, {
"permission": "agents:manage",
"permission_label": "Manage On-Premise Agents",
"description": "Deploy and manage On-Premise Agents used to execute organization code.",
"ref": {
"title": "About On-Premise Agent",
"url": "/on-premise-agent/overview"
},
"resource": "Agents",
"roles": ["Owner", "Admin"]
}, {
"permission": "agents:read",
"permission_label": "View On-Premise Agents",
"description": "View On-Premise Agents registered to execute organization code.",
"ref": {
"title": "About On-Premise Agent",
"url": "/on-premise-agent/overview"
},
"resource": "Agents",
"roles": ["Owner", "Admin", "Developer"]
}, {
"permission": "apps:create",
"permission_label": "Create Applications",
"description": "Access to create new Application",
"type": "development",
"ref": {
"title": "About Applications",
"url": "/applications/overview"
},
"resource": "Applications",
"roles": ["Owner", "Admin", "Developer"]
}, {
"permission": "apps:update",
"permission_label": "Edit applications",
"description": "Edit application, including creating branch and commits.",
"resource": "Applications",
"roles": ["Owner", "Admin", "Admin", "Developer"],
"resource_roles": []
}, {
"permission": "apps:deploy",
"permission_label": "Deploy app commits",
"description": "Deploy a commit on the application's default branch to make it live for end-users.",
"resource": "Applications",
"roles": ["Owner", "Admin", "Admin", "Developer"],
"resource_roles": []
}, {
"permission": "apps:delete",
"permission_label": "Delete applications",
"resource": "Applications",
"roles": ["Owner", "Admin", "Admin"],
"resource_roles": []
}, {
"permission": "apps:manage_visibility",
"permission_label": "Make applications publicly visible",
"resource": "Applications",
"roles": ["Owner", "Admin", "Admin"],
"resource_roles": []
}, {
"permission": "apps:share",
"permission_label": "Manage access to applications",
"resource": "Applications",
"roles": ["Owner", "Admin", "Admin"],
"resource_roles": []
}, {
"permission": "apps:preview",
"permission_label": "View branch & commit previews applications",
"resource": "Applications",
"roles": ["Owner", "Admin", "Admin", "Developer"],
"resource_roles": []
}, {
"permission": "apps:view",
"permission_label": "View live version of applications",
"resource": "Applications",
"roles": ["Owner", "Admin", "Admin", "Developer", "End-User"],
"resource_roles": []
}, {
"permission": "folders:manage",
"permission_label": "Manage home page folders",
"description": "Access to create, update, and delete folders users see on the Superblocks home page.",
"resource": "Folders",
"roles": ["Owner", "Admin", "Developer"]
}, {
"permission": "groups:manage",
"permission_label": "Manage user groups",
"description": "Access to create, view, update, and delete organization groups.",
"ref": {
"title": "Managing user groups",
"url": "/administration/groups/managing-groups"
},
"resource": "Groups",
"roles": ["Owner", "Admin"]
}, {
"permission": "groups:read",
"permission_label": "View user groups",
"description": "Access to view organization groups.",
"ref": {
"title": "Managing user groups",
"url": "/administration/groups/managing-groups"
},
"resource": "Groups",
"roles": ["Owner", "Admin", "Developer", "End-User"]
}, {
"permission": "groups.members:manage",
"permission_label": "Manage group members",
"description": "Access to add and remove members from user groups.",
"ref": {
"title": "Manage group members",
"url": "/administration/groups/managing-groups#add-members-to-a-group"
},
"resource": "Groups",
"roles": ["Owner", "Admin"]
}, {
"permission": "groups.members:read",
"permission_label": "View group members",
"description": "Access to see which users are members of a group.",
"ref": {
"title": "Managing user groups",
"url": "/administration/groups/managing-groups"
},
"resource": "Groups",
"roles": ["Owner", "Admin", "Developer", "End-User"]
}, {
"permission": "integrations:create",
"permission_label": "Create Integration",
"type": "development",
"description": "Access to create new Integrations",
"ref": {
"title": "About Integrations",
"url": "/integrations/overview"
},
"resource": "Integrations",
"roles": ["Owner", "Admin", "Developer"]
}, {
"permission": "integrations:update",
"permission_label": "Update integration credentials/configurations",
"resource": "Integrations",
"roles": ["Owner", "Admin", "Admin"],
"resource_roles": []
}, {
"permission": "integrations:delete",
"permission_label": "Delete integrations",
"resource": "Integrations",
"roles": ["Owner", "Admin", "Admin"],
"resource_roles": []
}, {
"permission": "integrations:share",
"permission_label": "Manage access to integrations",
"resource": "Integrations",
"roles": ["Owner", "Admin", "Admin"],
"resource_roles": []
}, {
"permission": "integrations:build",
"permission_label": "Use integrations in APIs",
"resource": "Integrations",
"roles": ["Owner", "Admin", "Admin"],
"resource_roles": []
}, {
"permission": "logs:read",
"permission_label": "View organization audit logs",
"description": "Access logs for the organization. Logs many contain agent, profile, repository, or user information not otherwise accessible by viewer.",
"ref": {
"title": "About Logs",
"url": "/admin/audit-logs"
},
"resource": "Logs",
"roles": ["Owner", "Admin", "Developer"]
}, {
"permission": "logs.streams:manage",
"permission_label": "Manage log streams",
"description": "Access to add, update, and remove Observability integrations used to stream logs to 3rd party monitoring platforms.",
"ref": {
"title": "Streaming Logs to Observability vendor",
"url": "/development-lifecycle/monitor/observability"
},
"resource": "Logs",
"roles": ["Owner", "Admin"]
}, {
"permission": "logs.streams:read",
"permission_label": "View log streams",
"description": "Access to view Observability integrations configured for the organization.",
"ref": {
"title": "Streaming Logs to Observability vendor",
"url": "/development-lifecycle/monitor/observability"
},
"resource": "Logs",
"roles": ["Owner", "Admin"]
}, {
"permission": "org:manage",
"permission_label": "Manage organization meta",
"description": "Access to fully manage the organization, including the org's name, domains, plan, etc.",
"resource": "Org",
"roles": ["Owner"]
}, {
"permission": "org:read",
"permission_label": "View organization meta",
"description": "Read-only access to organization settings like org name, domains, etc.",
"resource": "Org",
"roles": ["Owner", "Admin", "Developer", "End-User"]
}, {
"permission": "org.users:manage",
"permission_label": "Manage org members",
"description": "Access to invite members to the organization, manage invites, and deactivate/reactivate member accounts.",
"ref": {
"title": "Managing members",
"url": "/administration/members"
},
"resource": "Org",
"roles": ["Owner", "Admin"]
}, {
"permission": "org.users:read",
"permission_label": "View org members",
"description": "Access to view who is a member of the organization.",
"ref": {
"title": "Managing members",
"url": "/administration/members"
},
"resource": "Org",
"roles": ["Owner", "Admin", "Developer", "End-User"]
}, {
"permission": "profiles:manage",
"permission_label": "Manage profiles",
"description": "Access to create, view, update, and delete data profiles for the organization.",
"ref": {
"title": "About Profiles",
"url": "/development-lifecycle/build/profiles"
},
"resource": "Profiles",
"roles": ["Owner", "Admin"]
}, {
"permission": "profiles:read",
"permission_label": "View profiles",
"description": "Access to view the organization's data profiles.",
"ref": {
"title": "About Profiles",
"url": "/development-lifecycle/build/profiles"
},
"resource": "Profiles",
"roles": ["Owner", "Admin", "Developer"]
}, {
"permission": "repos:manage",
"permission_label": "Manage repositories",
"description": "Access to create, view, update, and delete connection git repositories.",
"ref": {
"title": "Set up repositories",
"url": "/development-lifecycle/source-control/setup/"
},
"resource": "Repositories",
"roles": ["Owner", "Admin", "Developer"]
}, {
"permission": "repos:read",
"permission_label": "View repositories",
"description": "Access to view connection git repositories.",
"ref": {
"title": "Set up repositories",
"url": "/development-lifecycle/source-control/setup/"
},
"resource": "Repositories",
"roles": ["Owner", "Admin", "Developer"]
}, {
"permission": "roles:manage",
"permission_label": "Manage roles & permissions",
"description": "Access to create, view, update, and delete custom organization and resource roles. This permission does not let users assign custom roles.",
"ref": {
"title": "Manage roles & permissions",
"url": "/administration/rbac"
},
"resource": "Roles",
"roles": ["Owner", "Admin"]
}, {
"permission": "roles:read",
"permission_label": "View org roles & permissions",
"description": "Access to view organization and resource roles.",
"ref": {
"title": "Manage roles & permissions",
"url": "/administration/rbac"
},
"resource": "Roles",
"roles": ["Owner", "Admin", "Developer"]
}, {
"permission": "jobs:create",
"permission_label": "Create Scheduled Jobs",
"type": "development",
"description": "Access to create new Scheduled Jobs",
"ref": {
"title": "About Scheduled Jobs",
"url": "/scheduled-jobs/overview"
},
"resource": "Scheduled Jobs",
"roles": ["Owner", "Admin", "Developer"]
}, {
"permission": "jobs:update",
"permission_label": "Edit Scheduled Jobs",
"resource": "Scheduled Jobs",
"roles": ["Owner", "Admin", "Admin", "Developer"],
"resource_roles": []
}, {
"permission": "jobs:deploy",
"permission_label": "Deploy job commits",
"resource": "Scheduled Jobs",
"roles": ["Owner", "Admin", "Admin", "Developer"],
"resource_roles": []
}, {
"permission": "jobs:delete",
"permission_label": "Delete Scheduled Jobs",
"resource": "Scheduled Jobs",
"roles": ["Owner", "Admin", "Admin"],
"resource_roles": []
}, {
"permission": "jobs:share",
"permission_label": "Manage development access to Scheduled Jobs",
"resource": "Scheduled Jobs",
"roles": ["Owner", "Admin", "Admin"],
"resource_roles": []
}, {
"permission": "jobs:manage_schedule",
"permission_label": "Manage cron schedule associated with Scheduled Jobs",
"resource": "Scheduled Jobs",
"roles": ["Owner", "Admin", "Admin", "Developer"],
"resource_roles": []
}, {
"permission": "jobs:run",
"permission_label": "Start one time execution of Scheduled Jobs",
"resource": "Scheduled Jobs",
"roles": ["Owner", "Admin", "Admin", "Developer"],
"resource_roles": []
}, {
"permission": "secrets_stores:manage",
"permission_label": "Manage secret stores",
"description": "Access to create and manage organization secret stores.",
"ref": {
"title": "Using secret managers",
"url": "/development-lifecycle/build/secrets-management"
},
"resource": "Secret stores",
"roles": ["Owner", "Admin"]
}, {
"permission": "workflows:create",
"permission_label": "Create Workflows",
"type": "development",
"description": "Access to create new Workflows",
"ref": {
"title": "About Workflows",
"url": "/workflows/overview"
},
"resource": "Workflows",
"roles": ["Owner", "Admin", "Developer"]
}, {
"permission": "workflows:update",
"permission_label": "Edit Workflows",
"resource": "Workflows",
"roles": ["Owner", "Admin", "Admin", "Developer"],
"resource_roles": []
}, {
"permission": "workflows:deploy",
"permission_label": "Deploy Workflow commits",
"resource": "Workflows",
"roles": ["Owner", "Admin", "Admin", "Developer"],
"resource_roles": []
}, {
"permission": "workflows:delete",
"permission_label": "Delete Workflows",
"resource": "Workflows",
"roles": ["Owner", "Admin", "Admin"],
"resource_roles": []
}, {
"permission": "workflows:share",
"permission_label": "Manage developer access to Workflows",
"resource": "Workflows",
"roles": ["Owner", "Admin", "Admin"],
"resource_roles": []
}];
const roles = ["Owner", "Admin", "Developer", "End-User"];
const groupedPermissions = permissions.reduce((acc, perm) => {
if (!acc[perm.resource]) {
acc[perm.resource] = [];
}
acc[perm.resource].push(perm);
return acc;
}, {});
return <>
| Resource |
Permission |
{roles.map(r => {r} | )}
{Object.entries(groupedPermissions).map(([resource, perms]) => perms.map((item, index) =>
| {index === 0 ? resource : ''} |
{item.permission} |
{roles.map(r =>
{item.roles && item.roles.includes(r) ? : }
| )}
))}
;
};
export const CardGrid = ({cards}) => {
if (!cards || !Array.isArray(cards)) {
return null;
}
return ;
};
Roles are used to define a set of permissions that you can assign to individuals or groups. Organization-level roles control the Superblocks features members can access, the administrative actions they can perform, and the level of access users have to all current and future resources created in the org. Note, organization-level roles differ from resource-level roles that give users access to specific Applications, Integrations, Workflows, etc. For more information, see [About resource roles](/admin/org-administration/resource-roles).
## Built-in organization roles
Each Superblocks organization, by default comes out of the box with the following built-in roles. These roles are non-editable and are based on common patterns of permissions organizations usually need.
* **Owner**: Each Superblocks organization has a primary Owner. This person is considered the controller of all org data. Only they can request to [delete users](/admin/org-administration/members/delete-user), delete the organization, or request plan and billing changes.
* **Admin**: Admins help manage their organization, including members, groups, and settings. Admins can also access all of the organization's resources to help manage access to these resources.
* **Developer**: The default non-administrative role is Developer. Developers build and maintain your company's tooling. They can't change org settings, but otherwise have read-only access to most of your org's settings.
* **End-User**: End-Users have the lowest level of access in Superblocks. They have read-only access to the platform, can't view most org settings, and can only access resources they've been given access to.
For more granular control of permissions, you can create custom organization roles. For more information, see [Custom organization roles](/admin/org-administration/org-roles/custom-roles)
For more information using roles, see [Using organization roles](/admin/org-administration/org-roles/using-org-roles)
## Permissions for built-in organization roles
The built-in organization roles have the following permissions. For a full list of permissions that can be assigned with organization roles, see the [permissions reference](/admin/org-administration/org-roles/permissions)