Access Control

As an account administrator, you can define roles with specific permissions for resources and apply those roles to users within the account.

List all roles

To see a list of roles in your account, first go to the Team settings page by clicking on your avatar in the top right corner, then clicking on the "Team" button.

On the Team settings page, click the "Roles" tab to see all the roles in your account:

Create a role

To create a new role, click the "Add Role" button. Enter a name and optional description for the role, then click "Add Policy" and select either "Deployment" or "Global" for this policy's scope.

Deployment policies apply to deployment-level functionality, such as the Playground and Data Model editor. Global policies apply to account-level functionality, such as Billing. Once the policy scope has been selected, you can restrict which actions this role can perform by selecting "Specific" and using the dropdown to select specific actions.

When you are finished, click "Create Role" to create the role.

Assigning roles to users

Roles are assigned to new users when inviting them:

Existing users' roles can be modified from the "Members" tab on the Team page: