Skip to main content

Role-Based Access Control (RBAC)


Signadot supports Role-Based Access Control with two roles: admin and member.


Both admin and member users have read access to all the entities and functions pertaining to their organization. However, write access (includes create, update, delete) varies: members' access is focused on application-related entities, without the ability to engage in administration or management functions, which are reserved for admins. The table below charts it out:

admin (write)member (write)
Resource Plugins
Route Groups
Clusters & Cluster Tokens
API Keys
Users & User Invites
Settings: SSO
Settings: Authorized Domains
Settings: Preserved Labels

Role Assignment

When creating an organization
The user creating an organization will automatically assume the admin role. This ensures that there is at least one admin who has full control over the organization's settings and operations from the outset.

When inviting a user
A role can be assigned at the time of inviting a user. This allows the organization's admin(s) to control the level of access a new user will have right from the start.

Upon Auto-Provisioning
Users auto-provisioned based on Authorized Domains or SSO Auto-provisioning settings are assigned member role by default.

Role Management

admins can manage user roles from the Dashboard on the "Users" page.