Role Permissions
Manage role-based access control (RBAC)—define what users can view, create, modify, and run so teams collaborate securely with least privilege.
Overview
Role permissions implement RBAC (role-based access control). Roles determine what a user can:
- view (projects, results, settings)
- create/edit (endpoints, tests, configurations)
- execute (runs, schedules, CI triggers)
- administer (users, roles, system settings)
Default roles (typical)
Your deployment may include roles similar to these:
| Role | Typical use | Notes | | --- | --- | --- | | Admin | Platform administration | Full access to users, settings, and projects | | Contributor/Tester | Build and run tests | Can create/edit tests in assigned projects | | Environment manager | Manage environments | Focused on environment setup and maintenance | | Reader | View-only | Read-only access to results and reports | | Reviewer | Approvals | Reviews workflows/changes (where applicable) |
How to assign roles safely
- Start with least privilege.
- Grant access per responsibility (builders vs operators vs viewers).
- Review role assignments periodically (quarterly is a good default).
Best practices
- Keep admin membership small and monitored.
- Use dedicated roles for automation tokens and CI (see Public API).
- Pair RBAC with auditability (see Audit logs).
Related articles
Related articles
- AI Settings · Product documentation
- Audit Logs · Product documentation
- Configuration · Product documentation
- Debug Logging · Product documentation
- Email Settings · Product documentation
- Email Templates · Product documentation
Next steps
- Getting started · Install + connect your spec
- Configuration fundamentals · Stabilize runs
- Initial configuration · Users, licensing, projects
- Release notes · Updates and fixes
Still stuck?
Tell us what you’re trying to accomplish and we’ll point you to the right setup—installation, auth, or CI/CD wiring.