Role-Based Access Control (RBAC)
Learn how to manage Users with Roles in Humanitec.

Introduction

Humanitec allows developers in your team or from across your Organization to collaborate on tasks related to delivering software. Users can be invited to join an Organization in Humanitec. They can sign in using their existing GitHub or Google accounts. Users can work on specific Apps with permissions to perform certain actions such as Deploy to Production based on Roles that are granted by Organization Administrators and Managers.

Managing access with Roles

Humanitec uses Roles to assign privileges to Users in a system. Roles encapsulate the granular permissions that a User will need in order to perform certain tasks associated with their job. Each User can have Roles in specific Organizations, Applications, and Environment Types.

Example

    A User with the Developer Role is able to update the configuration for an App the User has access to. But the User cannot delete the App.
    A User with the Viewer Role will not be able to make updates to the configuration.

Organization Roles

Organization Roles cover permissions that affect the entire Organization in Humanitec. This includes User Management, API Tokens, Images, Resources, and Apps.
Role
Description
Member
Can access Apps they have a Role for.
Manager
Same as the Member Role. In addition, can invite and remove Users from the Organization in Humanitec, issue API Tokens, and create Apps.
Administrator
Has full access to everything within the Organization in Humanitec.

Notes

    The User who originally created the Organization will have the Administrator Role by default.
    There must always be at least one User in the Organization with the Administrator Role.
    The Administrator is the only Role that can update Resources.

Inviting Users to an Organization

An Organization Administrator or Manager (see Organization Roles) can invite new users to join an existing Organization in Humanitec. An invitation involves sending an email that contains a one-time link that the invited User can follow to associate either their GitHub or Google account with the Organization in Humanitec. The link will expire after 7 days. If the link has expired before a User has accepted the invite, a new invite can be sent.
Users can be invited to an existing Organization from the Organization Settings. Note that only Organization Administrators and Managers can invite users.
    1.
    Select Organization settings from the top right dropdown menu.
    2.
    In Organization Settings, select the Organization members tab.
    3.
    Add the email address of the User to invite in the Email text box on the left hand side.
    4.
    Select a role for the User to invite from the Role dropdown on the right hand side. Be aware that you will only have the option to invite Administrators to your Organization if you are an Administrator yourself.
    5.
    Click the Send invite button.
Add new organization members

Application Roles

Application Roles cover permissions that affect a specific App.
Role
Description
Viewer
Has read-only access to the App.
Developer
Can update Configuration, Shared Values and Secrets, and create Environments.
Owner
Same as the Developer Role, but can additionally configure Webhooks, invite and remove Users from the App, and delete the App.

Notes

    The User who originally created the App will have the Owner Role by default.
    Developer and Owner Roles can only create or deploy to Environments with the Environment Type they have the Deployer Role for.
    An Owner will not be able to delete an App unless they have the Deployer Role for all the Environment Types used in the App.

Adding Users to an Application

Application Roles can be managed in the App Settings Screen. Note that only Organization Administrators and App Owners can grant Application Roles.
    1.
    Select App settings at the top of the App Details Screen.
    2.
    In App Settings, scroll down to the App members section.
    3.
    Enter the email address or name of the User to add in the text box at the top.
    4.
    Select a role for the User to add from the Role dropdown.
    5.
    Click the Submit button.
User Roles for existing members can be changed on the App Members list.
Add new app members

Environment Type Roles

At this time, there is only one Role for Environment Types.
Role
Description
Deployer
If a User has the Developer or Owner Role of an App, they can create, deploy, and delete Environments of this Environment Type.

Notes

    All Users have the Deployer Role for the default Environment Type development.

Managing Deployers for Environment Types

Environment Type Roles can be managed from the Organization Settings. Note that only Organization Administrators can grant Environment Type Roles.
    1.
    Select Organization settings from the top right dropdown menu.
    2.
    In Organization Settings, select the Environment Types tab.
    3.
    Select the Deployers button on the Environment Type you would like to configure. This will open a configuration pop up.
    4.
    On the pop up, add the email address or name of the User you would like to add as a Deployer.
    5.
    Click the Done button.
Last modified 3d ago