
# About resource roles

> Use resource roles to define permissions on specific Applications, Integrations, Workflows, and Scheduled Jobs

export const ResourcePermissionMatrix = () => {
  /*
   * Renders one role/permission matrix per resource type that supports resource roles.
   *
   * Every entry of the static `permissions` table whose `resource_roles` list is
   * non-empty is grouped by its `resource` name. Each group becomes an <h3> (with a
   * slug id, so in-page anchors such as #scheduled-jobs resolve) followed by a table:
   * one row per permission, one column per resource role, and a check or cross showing
   * whether that role appears in the entry's `resource_roles`.
   *
   * Only `permission`, `resource` and `resource_roles` are read when rendering;
   * `permission_label`, `description` and `roles` are carried in the data but not shown.
   *
   * NOTE(review): this is static documentation data. Presumably it mirrors the role
   * definitions the product enforces; confirm against that source whenever a built-in
   * role changes, because readers use this matrix to decide who may deploy, share or
   * publish a resource.
   */
  const GrantedMark = () => <span style={{ color: '#0099FF', fontWeight: 'bold' }}>✓</span>;
  const DeniedMark = () => <span style={{ color: '#A4ADB7' }}>✗</span>;
  // In the built-in roles below, delete / share / manage_visibility are granted to the
  // Admin resource role only; edit, deploy, preview, build and run also go to Developer.
  const permissions = [
    {
      permission: "apps:update",
      permission_label: "Edit applications",
      description: "Edit application, including creating branch and commits.",
      resource: "Applications",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: ["Admin", "Developer"],
    },
    {
      permission: "apps:deploy",
      permission_label: "Deploy app commits",
      description: "Deploy a commit on the application's default branch to make it live for end-users.",
      resource: "Applications",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: ["Admin", "Developer"],
    },
    {
      permission: "apps:delete",
      permission_label: "Delete applications",
      resource: "Applications",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: ["Admin"],
    },
    {
      permission: "apps:manage_visibility",
      permission_label: "Make applications publicly visible",
      resource: "Applications",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: ["Admin"],
    },
    {
      permission: "apps:share",
      permission_label: "Manage access to applications",
      resource: "Applications",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: ["Admin"],
    },
    {
      permission: "apps:preview",
      permission_label: "View branch & commit previews applications",
      resource: "Applications",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: ["Admin", "Developer"],
    },
    {
      permission: "apps:view",
      permission_label: "View live version of applications",
      resource: "Applications",
      roles: ["Owner", "Admin", "Admin", "Developer", "End-User"],
      resource_roles: ["Admin", "Developer", "End-User"],
    },
    {
      permission: "integrations:update",
      permission_label: "Update integration credentials/configurations",
      resource: "Integrations",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: ["Admin"],
    },
    {
      permission: "integrations:delete",
      permission_label: "Delete integrations",
      resource: "Integrations",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: ["Admin"],
    },
    {
      permission: "integrations:share",
      permission_label: "Manage access to integrations",
      resource: "Integrations",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: ["Admin"],
    },
    {
      permission: "integrations:build",
      permission_label: "Use integrations in APIs",
      resource: "Integrations",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: ["Admin", "Developer"],
    },
    {
      permission: "jobs:update",
      permission_label: "Edit Scheduled Jobs",
      resource: "Scheduled Jobs",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: ["Admin", "Developer"],
    },
    {
      permission: "jobs:deploy",
      permission_label: "Deploy job commits",
      resource: "Scheduled Jobs",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: ["Admin", "Developer"],
    },
    {
      permission: "jobs:delete",
      permission_label: "Delete Scheduled Jobs",
      resource: "Scheduled Jobs",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: ["Admin"],
    },
    {
      permission: "jobs:share",
      permission_label: "Manage development access to Scheduled Jobs",
      resource: "Scheduled Jobs",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: ["Admin"],
    },
    {
      permission: "jobs:manage_schedule",
      permission_label: "Manage cron schedule associated with Scheduled Jobs",
      resource: "Scheduled Jobs",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: ["Admin", "Developer"],
    },
    {
      permission: "jobs:run",
      permission_label: "Start one time execution of Scheduled Jobs",
      resource: "Scheduled Jobs",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: ["Admin", "Developer"],
    },
    {
      permission: "workflows:update",
      permission_label: "Edit Workflows",
      resource: "Workflows",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: ["Admin", "Developer"],
    },
    {
      permission: "workflows:deploy",
      permission_label: "Deploy Workflow commits",
      resource: "Workflows",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: ["Admin", "Developer"],
    },
    {
      permission: "workflows:delete",
      permission_label: "Delete Workflows",
      resource: "Workflows",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: ["Admin"],
    },
    {
      permission: "workflows:share",
      permission_label: "Manage developer access to Workflows",
      resource: "Workflows",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: ["Admin"],
    },
  ];
  // Group entries by resource name, keeping first-seen order; entries with a missing
  // or empty resource_roles list are left out of the matrix.
  const permissionsByResource = {};
  for (const entry of permissions) {
    const grantedTo = entry.resource_roles;
    if (!grantedTo || grantedTo.length === 0) {
      continue;
    }
    if (!permissionsByResource[entry.resource]) {
      permissionsByResource[entry.resource] = [];
    }
    permissionsByResource[entry.resource].push(entry);
  }
  // Column set for one resource: every role named by any of its rows, de-duplicated
  // and sorted with the default string ordering.
  const collectRoles = (rows) => [...new Set(rows.flatMap((row) => row.resource_roles))].sort();
  return <>
      {Object.entries(permissionsByResource).map(([resource, rows]) => {
        const roleColumns = collectRoles(rows);
        const anchorId = resource.replace(/\s+/g, '-').toLowerCase();
        return (
          <div key={resource}>
            <h3 id={anchorId}>{resource}</h3>
            <table style={{ marginLeft: '0rem' }}>
              <thead>
                <tr>
                  <th>Resource</th>
                  <th>Permission</th>
                  {roleColumns.map((role) => <th key={role}>{role}</th>)}
                </tr>
              </thead>
              <tbody>
                {rows.map((row, position) => {
                  // The resource name is printed only when it differs from the previous row's.
                  const previousResource = rows[position - 1]?.resource;
                  const resourceLabel = row.resource === previousResource ? '' : row.resource;
                  return (
                    <tr key={row.permission}>
                      <td>{resourceLabel}</td>
                      <td><code>{row.permission}</code></td>
                      {roleColumns.map((role) => (
                        <td key={`${role}-${row.permission}`} style={{ textAlign: 'left' }}>
                          {row.resource_roles.includes(role) ? <GrantedMark /> : <DeniedMark />}
                        </td>
                      ))}
                    </tr>
                  );
                })}
              </tbody>
            </table>
          </div>
        );
      })}
    </>;
};

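export const PermissionList = ({type}) => {
  /*
   * Renders the organization's permission catalogue as one or more tables.
   *
   * `type` selects the view:
   *   - 'governance'  : entries with no `resource_roles` field whose `type` is not 'development'
   *   - 'development' : entries with no `resource_roles` field whose `type` is 'development'
   *   - 'resources'   : entries that carry a `resource_roles` field (an empty array counts),
   *                     grouped by `resource`, one Permission/Description table per group
   *   - anything else : every entry, in a single table
   * The single-table views add a "More info" column that links to `ref.url` when the entry has a `ref`.
   * The description cell falls back to `permission_label` when an entry has no `description`.
   *
   * The `roles` lists are carried in the data but are not rendered by this component.
   *
   * NOTE(review): `integrations:build` lists roles Owner/Admin/Admin here, while the
   * ResourcePermissionMatrix data on this page also lists Developer for the same permission.
   * Neither component displays `roles`, so nothing visible changes, but the two tables
   * should be reconciled against the product's actual role definitions.
   */
  const permissions = [
    {
      permission: "access_tokens:manage",
      permission_label: "Manage org access tokens",
      description: "Access to create, view, update, and delete org-wide access tokens.",
      ref: { title: "Manage access tokens", url: "/administration/security/access-tokens" },
      resource: "Access tokens",
      roles: ["Owner", "Admin"],
    },
    {
      permission: "access_tokens:read",
      permission_label: "View org access tokens",
      description: "Access to view org-wide access tokens. Can only view token metadata, not token values.",
      ref: { title: "Manage access tokens", url: "/administration/security/access-tokens" },
      resource: "Access tokens",
      roles: ["Owner", "Admin"],
    },
    {
      permission: "agents:manage",
      permission_label: "Manage On-Premise Agents",
      description: "Deploy and manage On-Premise Agents used to execute organization code.",
      ref: { title: "About On-Premise Agent", url: "/on-premise-agent/overview" },
      resource: "Agents",
      roles: ["Owner", "Admin"],
    },
    {
      permission: "agents:read",
      permission_label: "View On-Premise Agents",
      description: "View On-Premise Agents registered to execute organization code.",
      ref: { title: "About On-Premise Agent", url: "/on-premise-agent/overview" },
      resource: "Agents",
      roles: ["Owner", "Admin", "Developer"],
    },
    {
      permission: "apps:create",
      permission_label: "Create Applications",
      description: "Access to create new Application",
      type: "development",
      ref: { title: "About Applications", url: "/applications/overview" },
      resource: "Applications",
      roles: ["Owner", "Admin", "Developer"],
    },
    {
      permission: "apps:update",
      permission_label: "Edit applications",
      description: "Edit application, including creating branch and commits.",
      resource: "Applications",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: [],
    },
    {
      permission: "apps:deploy",
      permission_label: "Deploy app commits",
      description: "Deploy a commit on the application's default branch to make it live for end-users.",
      resource: "Applications",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: [],
    },
    {
      permission: "apps:delete",
      permission_label: "Delete applications",
      resource: "Applications",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: [],
    },
    {
      permission: "apps:manage_visibility",
      permission_label: "Make applications publicly visible",
      resource: "Applications",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: [],
    },
    {
      permission: "apps:share",
      permission_label: "Manage access to applications",
      resource: "Applications",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: [],
    },
    {
      permission: "apps:preview",
      permission_label: "View branch & commit previews applications",
      resource: "Applications",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: [],
    },
    {
      permission: "apps:view",
      permission_label: "View live version of applications",
      resource: "Applications",
      roles: ["Owner", "Admin", "Admin", "Developer", "End-User"],
      resource_roles: [],
    },
    {
      permission: "folders:manage",
      permission_label: "Manage home page folders",
      description: "Access to create, update, and delete folders users see on the Superblocks home page.",
      resource: "Folders",
      roles: ["Owner", "Admin", "Developer"],
    },
    {
      permission: "groups:manage",
      permission_label: "Manage user groups",
      description: "Access to create, view, update, and delete organization groups.",
      ref: { title: "Managing user groups", url: "/administration/groups/managing-groups" },
      resource: "Groups",
      roles: ["Owner", "Admin"],
    },
    {
      permission: "groups:read",
      permission_label: "View user groups",
      description: "Access to view organization groups.",
      ref: { title: "Managing user groups", url: "/administration/groups/managing-groups" },
      resource: "Groups",
      roles: ["Owner", "Admin", "Developer", "End-User"],
    },
    {
      permission: "groups.members:manage",
      permission_label: "Manage group members",
      description: "Access to add and remove members from user groups.",
      ref: { title: "Manage group members", url: "/administration/groups/managing-groups#add-members-to-a-group" },
      resource: "Groups",
      roles: ["Owner", "Admin"],
    },
    {
      permission: "groups.members:read",
      permission_label: "View group members",
      description: "Access to see which users are members of a group.",
      ref: { title: "Managing user groups", url: "/administration/groups/managing-groups" },
      resource: "Groups",
      roles: ["Owner", "Admin", "Developer", "End-User"],
    },
    {
      permission: "integrations:create",
      permission_label: "Create Integration",
      type: "development",
      description: "Access to create new Integrations",
      ref: { title: "About Integrations", url: "/integrations/overview" },
      resource: "Integrations",
      roles: ["Owner", "Admin", "Developer"],
    },
    {
      permission: "integrations:update",
      permission_label: "Update integration credentials/configurations",
      resource: "Integrations",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: [],
    },
    {
      permission: "integrations:delete",
      permission_label: "Delete integrations",
      resource: "Integrations",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: [],
    },
    {
      permission: "integrations:share",
      permission_label: "Manage access to integrations",
      resource: "Integrations",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: [],
    },
    {
      permission: "integrations:build",
      permission_label: "Use integrations in APIs",
      resource: "Integrations",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: [],
    },
    {
      permission: "logs:read",
      permission_label: "View organization audit logs",
      // Wording fix: the description previously read "Logs many contain".
      description: "Access logs for the organization. Logs may contain agent, profile, repository, or user information not otherwise accessible by viewer.",
      ref: { title: "About Logs", url: "/admin/audit-logs" },
      resource: "Logs",
      roles: ["Owner", "Admin", "Developer"],
    },
    {
      permission: "logs.streams:manage",
      permission_label: "Manage log streams",
      description: "Access to add, update, and remove Observability integrations used to stream logs to 3rd party monitoring platforms.",
      ref: { title: "Streaming Logs to Observability vendor", url: "/development-lifecycle/monitor/observability" },
      resource: "Logs",
      roles: ["Owner", "Admin"],
    },
    {
      permission: "logs.streams:read",
      permission_label: "View log streams",
      description: "Access to view Observability integrations configured for the organization.",
      ref: { title: "Streaming Logs to Observability vendor", url: "/development-lifecycle/monitor/observability" },
      resource: "Logs",
      roles: ["Owner", "Admin"],
    },
    {
      permission: "org:manage",
      permission_label: "Manage organization meta",
      description: "Access to fully manage the organization, including the org's name, domains, plan, etc.",
      resource: "Org",
      roles: ["Owner"],
    },
    {
      permission: "org:read",
      permission_label: "View organization meta",
      description: "Read-only access to organization settings like org name, domains, etc.",
      resource: "Org",
      roles: ["Owner", "Admin", "Developer", "End-User"],
    },
    {
      permission: "org.users:manage",
      permission_label: "Manage org members",
      description: "Access to invite members to the organization, manage invites, and deactivate/reactivate member accounts.",
      ref: { title: "Managing members", url: "/administration/members" },
      resource: "Org",
      roles: ["Owner", "Admin"],
    },
    {
      permission: "org.users:read",
      permission_label: "View org members",
      description: "Access to view who is a member of the organization.",
      ref: { title: "Managing members", url: "/administration/members" },
      resource: "Org",
      roles: ["Owner", "Admin", "Developer", "End-User"],
    },
    {
      permission: "profiles:manage",
      permission_label: "Manage profiles",
      description: "Access to create, view, update, and delete data profiles for the organization.",
      ref: { title: "About Profiles", url: "/development-lifecycle/build/profiles" },
      resource: "Profiles",
      roles: ["Owner", "Admin"],
    },
    {
      permission: "profiles:read",
      permission_label: "View profiles",
      description: "Access to view the organization's data profiles.",
      ref: { title: "About Profiles", url: "/development-lifecycle/build/profiles" },
      resource: "Profiles",
      roles: ["Owner", "Admin", "Developer"],
    },
    {
      permission: "repos:manage",
      permission_label: "Manage repositories",
      description: "Access to create, view, update, and delete connection git repositories.",
      ref: { title: "Set up repositories", url: "/development-lifecycle/source-control/setup/" },
      resource: "Repositories",
      roles: ["Owner", "Admin", "Developer"],
    },
    {
      permission: "repos:read",
      permission_label: "View repositories",
      description: "Access to view connection git repositories.",
      ref: { title: "Set up repositories", url: "/development-lifecycle/source-control/setup/" },
      resource: "Repositories",
      roles: ["Owner", "Admin", "Developer"],
    },
    {
      permission: "roles:manage",
      permission_label: "Manage roles & permissions",
      description: "Access to create, view, update, and delete custom organization and resource roles. This permission does not let users assign custom roles.",
      ref: { title: "Manage roles & permissions", url: "/administration/rbac" },
      resource: "Roles",
      roles: ["Owner", "Admin"],
    },
    {
      permission: "roles:read",
      permission_label: "View org roles & permissions",
      description: "Access to view organization and resource roles.",
      ref: { title: "Manage roles & permissions", url: "/administration/rbac" },
      resource: "Roles",
      roles: ["Owner", "Admin", "Developer"],
    },
    {
      permission: "jobs:create",
      permission_label: "Create Scheduled Jobs",
      type: "development",
      description: "Access to create new Scheduled Jobs",
      ref: { title: "About Scheduled Jobs", url: "/scheduled-jobs/overview" },
      resource: "Scheduled Jobs",
      roles: ["Owner", "Admin", "Developer"],
    },
    {
      permission: "jobs:update",
      permission_label: "Edit Scheduled Jobs",
      resource: "Scheduled Jobs",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: [],
    },
    {
      permission: "jobs:deploy",
      permission_label: "Deploy job commits",
      resource: "Scheduled Jobs",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: [],
    },
    {
      permission: "jobs:delete",
      permission_label: "Delete Scheduled Jobs",
      resource: "Scheduled Jobs",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: [],
    },
    {
      permission: "jobs:share",
      permission_label: "Manage development access to Scheduled Jobs",
      resource: "Scheduled Jobs",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: [],
    },
    {
      permission: "jobs:manage_schedule",
      permission_label: "Manage cron schedule associated with Scheduled Jobs",
      resource: "Scheduled Jobs",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: [],
    },
    {
      permission: "jobs:run",
      permission_label: "Start one time execution of Scheduled Jobs",
      resource: "Scheduled Jobs",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: [],
    },
    {
      permission: "secrets_stores:manage",
      permission_label: "Manage secret stores",
      description: "Access to create and manage organization secret stores.",
      ref: { title: "Using secret managers", url: "/development-lifecycle/build/secrets-management" },
      resource: "Secret stores",
      roles: ["Owner", "Admin"],
    },
    {
      permission: "workflows:create",
      permission_label: "Create Workflows",
      type: "development",
      description: "Access to create new Workflows",
      ref: { title: "About Workflows", url: "/workflows/overview" },
      resource: "Workflows",
      roles: ["Owner", "Admin", "Developer"],
    },
    {
      permission: "workflows:update",
      permission_label: "Edit Workflows",
      resource: "Workflows",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: [],
    },
    {
      permission: "workflows:deploy",
      permission_label: "Deploy Workflow commits",
      resource: "Workflows",
      roles: ["Owner", "Admin", "Admin", "Developer"],
      resource_roles: [],
    },
    {
      permission: "workflows:delete",
      permission_label: "Delete Workflows",
      resource: "Workflows",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: [],
    },
    {
      permission: "workflows:share",
      permission_label: "Manage developer access to Workflows",
      resource: "Workflows",
      roles: ["Owner", "Admin", "Admin"],
      resource_roles: [],
    },
  ];
  if (type === 'resources') {
    // Resource-scoped permissions are the entries that carry a resource_roles field;
    // `!!` keeps entries whose list is an empty array, since an empty array is truthy.
    const resourceGroups = {};
    for (const item of permissions) {
      if (!item.resource_roles) {
        continue;
      }
      if (!resourceGroups[item.resource]) {
        resourceGroups[item.resource] = [];
      }
      resourceGroups[item.resource].push(item);
    }
    return <>
        {Object.entries(resourceGroups).map(([resource, perms]) => <div key={resource}>
            <h3 id={resource.replace(/\s+/g, '-').toLowerCase()}>{resource}</h3>
            <table>
              <thead>
                <tr>
                  <th style={{ width: 250 }}>Permission</th>
                  <th>Description</th>
                </tr>
              </thead>
              <tbody>
                {perms.map(item => <tr key={`${resource}-${item.permission}`}>
                    <td><code>{item.permission}</code></td>
                    <td>{item.description || item.permission_label}</td>
                  </tr>)}
              </tbody>
            </table>
          </div>)}
      </>;
  }
  // Org-level views: both filters exclude every entry that has a resource_roles field.
  let filteredPermissions = permissions;
  if (type === 'governance') {
    filteredPermissions = permissions.filter(item => !item.resource_roles && item.type !== 'development');
  } else if (type === 'development') {
    filteredPermissions = permissions.filter(item => !item.resource_roles && item.type === 'development');
  }
  return <table>
      <thead>
        <tr>
          <th style={{ width: 250 }}>Permission</th>
          <th>Description</th>
          <th style={{ minWidth: 200 }}>More info</th>
        </tr>
      </thead>
      <tbody>
        {filteredPermissions.map(item => <tr key={`${type}-${item.permission}`}>
            <td><code>{item.permission}</code></td>
            <td>{item.description || item.permission_label}</td>
            <td>
              {item.ref && <a href={item.ref.url}>{item.ref.title}</a>}
            </td>
          </tr>)}
      </tbody>
    </table>;
};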

export const CardGrid = ({cards}) => {
  /*
   * Renders a grid of link cards.
   *
   * `cards` is an array of objects read for `href`, `title`, and the optional
   * `image` and `description`. Anything that is not an array renders nothing.
   * A card with an image but no description gets the extra
   * `card-grid-item-centered` class.
   *
   * `href` and `image` are written to the link and <img> attributes as given,
   * so callers should pass only trusted values; on this page the cards are
   * static literals.
   */
  if (!Array.isArray(cards)) {
    return null;
  }
  const renderCard = (card, position) => {
    const imageOnly = card.image && !card.description;
    const itemClass = `card-grid-item ${imageOnly ? 'card-grid-item-centered' : ''}`;
    return (
      <a key={position} href={card.href} className={itemClass}>
        {card.image && <img src={card.image} alt={card.title} className="card-grid-image" />}
        <h3 className="card-grid-title">{card.title}</h3>
        {card.description && <p className="card-grid-description">{card.description}</p>}
      </a>
    );
  };
  return <div className="card-grid">
      {cards.map(renderCard)}
    </div>;
};

You can give organization members and groups different levels of access to specific Applications, Integrations, Workflows, and Scheduled Jobs. Choose the role that best fits each person's or group's function, so that no one receives more access than they need.

Each permissionable resource comes with a set of [built-in roles](#resources-with-roles). You can also create custom resource roles to customize levels of access. For more information, see [Custom resource roles](/admin/org-administration/resource-roles/custom-roles).

Organization admins can also set base permissions that all members will receive for newly created resources. For more information, see [Setting base permissions for resources](/admin/org-administration/resource-roles/base-permissions).

## Resources with roles

Not all resources support resource roles. Resources that support roles are those which let a user share an instance of a resource with users and groups.

For example, applications support resource roles because users can independently share **Application A** and **Application B** with different sets of users. Data plane instances don't support resource roles, since they are set up at the platform level and not individually shared with users.

The following resources currently support resource-role assignments:

* [Applications](#applications)
* [Integrations](#integrations)
* [Scheduled Jobs](#scheduled-jobs)
* [Workflows](#workflows)

## Permissions for roles

Each resource has its own set of built-in roles, based on the permission patterns that organizations commonly use. The built-in roles below are available in every organization for each of these resources:

<ResourcePermissionMatrix />

## Further reading

<CardGrid
  cards={[
{
  title: "Manage access to resources",
  description: "Manage individual and group access to individual org resources",
  href: "/admin/org-administration/resource-roles/manage-access"
},
{
  title: "Custom resource roles",
  description: "Customize permissions granted on an individual resource with custom resource roles",
  href: "/admin/org-administration/resource-roles/custom-roles"
},
{
  title: "Resource base permissions",
  description: "Manage the resource access users receive to newly created resources with base permissions",
  href: "/admin/org-administration/resource-roles/base-permissions"
},
{
  title: "Manage creator roles",
  description: "Change the role assigned to resource creators to limit the permissions they receive on that resource",
  href: "/admin/org-administration/resource-roles/creator-roles"
}
]}
/>
