Role-Based Access Control

Role-based Access Control (RBAC) restricts the actions that an authenticated user can perform on the RI Platform. These restrictions are mediated by user roles.

Project-level roles

Users are assigned roles with respect to individual projects in a workspace.

The user that creates a project is the Project Owner. Only the Project Owner can publish or unpublish a project. When a user account is removed from a workspace, ownership of projects owned by that account is inherited by the Workspace Administrator that deleted the user account.

Users can have Edit Access to a project. This privilege level enables users to set project settings, configure tests, run tests, and share the project.

Users with View Access can only view information about the project and can neither change settings nor execute any actions with respect to the project.

User account categories

Project access privileges can be assigned in three broad categories:

Privileges granted to the All Users group affect all users with access to the workspace.

Privileges granted to the VP users group affect all users with the VP role.

Privileges granted to Workspace Administrators affect all users with administrative privileges over the workspace.

Changes to privilege levels made in a narrower scope override privilege grants made at a broader scope. For example, when a workspace grants Edit Access to all VP Users, an administrator for that workspace can set an individual VP user account to View Access.

Assigning user privileges

  1. Sign in to a user account that has administrative privileges for an RI Platform instance or a workspace in that instance.

    The Workspaces page appears.

  2. Click the Settings icon in the lower left.

    The Organization Settings page appears.

  3. Click Members.

    The Members pane appears.

  4. Click the three-dot icon at the right of a user and select Edit.

    The Edit Member dialog box appears.

  5. From the Role drop-down, select a new role for the user account.

  6. Click Save.

The user account privilege level is now changed.

Granting a user membership in a workspace

User accounts must have the Organization administrator or Workspace administrator role to grant an existing user membership in a workspace.

User accounts configured to use Single Sign-on (SSO) cannot be assigned membership in a workspace before logging in with SSO once.

  1. Sign in to a user account that has administrative privileges for a workspace.

    The Workspaces page appears.

  2. Click a workspace.

    The summary page for the workspace appears.

  3. Click the Settings icon in the lower left.

    The Workspace Settings page appears.

  4. Click Members.

    The Members pane appears.

  5. Click Add New Member.

    The Add New Member dialog box appears.

  6. In Name, type the username of an existing user account.

    The list of user accounts is filtered by the typed string.

  7. Select a user from the filtered list and click Add.

    Repeat the previous two steps to add more users.

  8. Click Done.

The selected users now have the Workspace user role in addition to any previous roles.

Removing a user from a workspace

  1. Sign in to a user account that has administrative privileges for a workspace.

    The Workspaces page appears.

  2. Click a workspace.

    The summary page for the workspace appears.

  3. Click the Settings icon in the lower left.

    The Workspace Settings page appears.

  4. Click Members.

    The Members pane appears.

  5. Select Remove from the three-dot menu at the right of a listed user.

    A confirmation dialog box appears.

  6. Click Remove Member.

The user is no longer a member of the workspace.