Organizations roles
To perform any action in Superblocks, a person must have sufficient access to do so. This access is controlled by permissions that grant users the ability to perform a specific action. For example, the ability to build with an integration is a permission.
Roles are used to define a set of permissions that you can assign to individuals or groups.
Resource-level roles give users access to specific Apps, Integrations, Workflows, etc. For more information, see About resource roles
Organization-level roles control the Superblocks features members can access, the administrative actions they can perform, and the level of access users have to all current and future resources created in the org.
Built-in organization roles
Each Superblocks organization, by default comes out of the box with the following built-in roles. These roles are non-editable and are based on common patterns of permissions organizations usually need.
- Owner: Each Superblocks organization has a primary Owner. This person is considered the controller of all org data. Only they can request to delete users, delete the organization, or request plan and billing changes.
- Admin: Admins help manage their organization, including members, groups, and settings. Admins can also access all of the organization's resources to help manage access to these resources.
- Developer: The default non-administrative role is Developer. Developers build and maintain your company's tooling. They can't change org settings, but otherwise have read-only access to most of your org's settings.
- End-User: End-Users have the lowest level of access in Superblocks. They have read-only access to the platform, can't view most org settings, and can only access resources they've been given access to.
For more granular control of permissions, you can create custom organization roles. For more information, see Custom organization roles
For more information using roles, see Using organization roles
Permissions for built-in organization roles
The built-in organization roles have the following permissions. For a full list of permissions that can be assigned with organization roles, see the permissions reference
| Resource | Permission | Owner | Admin | Developer | End-User |
|---|---|---|---|---|---|
| Access tokens | access_tokens:manage | ||||
access_tokens:read | |||||
| Agents | agents:manage | ||||
agents:read | |||||
| Applications | apps:create | ||||
apps:update | |||||
apps:deploy | |||||
apps:delete | |||||
apps:manage_visibility | |||||
apps:share | |||||
apps:preview | |||||
apps:view | |||||
| Folders | folders:manage | ||||
| Groups | groups:manage | ||||
groups:read | |||||
groups.members:manage | |||||
groups.members:read | |||||
| Integrations | integrations:create | ||||
integrations:update | |||||
integrations:delete | |||||
integrations:share | |||||
integrations:build | |||||
| Logs | logs:read | ||||
logs.streams:manage | |||||
logs.streams:read | |||||
| Org | org:manage | ||||
org:read | |||||
org.users:manage | |||||
org.users:read | |||||
| Profiles | profiles:manage | ||||
profiles:read | |||||
| Repositories | repos:manage | ||||
repos:read | |||||
| Roles | roles:manage | ||||
roles:read | |||||
| Scheduled Jobs | jobs:create | ||||
jobs:update | |||||
jobs:deploy | |||||
jobs:delete | |||||
jobs:share | |||||
jobs:manage_schedule | |||||
jobs:run | |||||
| Secret stores | secrets_stores:manage | ||||
| Workflows | workflows:create | ||||
workflows:update | |||||
workflows:deploy | |||||
workflows:delete | |||||
workflows:share |