Role-based access control (RBAC)

Prophecy uses role-based access control (RBAC) to manage permissions across users and teams. Each user is assigned one or more roles that determine what actions they can perform and what resources they can access.

There are three key roles in Prophecy:

  • Standard users: Can access and work within the teams they belong to
  • Team admins: Manage team membership and team-level resources like fabrics and connections
  • Prophecy cluster admins: Administer the overall Prophecy deployment and infrastructure

By default, every user is a standard user, except in their own personal team, where they are the team admin. Users can be granted the team admin role for specific teams, and they automatically become the team admin of any team they create. In contrast, Prophecy cluster admin roles are managed by Prophecy and assigned at the deployment level.

Standard users

Standard users access resources through team assignments. In other words, permissions are governed by team-level access controls. Standard users can:

  • Create projects within their teams
  • Attach to fabrics that are assigned to their teams

Users cannot create or edit fabrics for a team unless they are also a team admin.

For more information about best practices, visit Team-based access.

Personal team

Every user is automatically given a personal team, named after their login email. This team includes only the user and grants them team admin permissions, allowing them to create both projects and fabrics for individual use.

Team admins

Team admins manage teams and create resources for their teams. This includes responsibilities like:

  • Adding and removing users from teams
  • Creating fabrics that correspond to different execution environments
  • Setting up connections with the appropriate credentials
  • Deploying projects to run scheduled pipelines

The user who creates a team is automatically assigned as its team admin. Additional team admins can be added or disabled from the Teams tab in Settings.

For recommendations regarding team setup and organization, visit Team-based access.
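The team-scoped rules above can be expressed as a small default-deny model, which is useful when reasoning about who can create fabrics or change membership during an access review. This is an added example, not Prophecy's code or API: the class, method and action names are hypothetical, and treating the listed team admin responsibilities as admin-only is an assumption of the model.

```python
# Illustrative model of the standard user / team admin rules on this page.
# All names here are hypothetical; this is not Prophecy's implementation.
from dataclasses import dataclass, field

STANDARD_ACTIONS = {"create_project", "attach_fabric"}
# Assumption: team admins keep standard actions and add the listed duties.
ADMIN_ACTIONS = STANDARD_ACTIONS | {
    "create_fabric", "edit_fabric", "manage_members",
    "create_connection", "deploy_project",
}

@dataclass
class Team:
    name: str
    members: set = field(default_factory=set)
    admins: set = field(default_factory=set)
    personal: bool = False

class Directory:
    def __init__(self):
        self.teams = {}

    def add_user(self, email):
        # Personal team: named after the login email, contains only the
        # user, and grants them team admin permissions.
        self.teams[email] = Team(email, {email}, {email}, personal=True)

    def create_team(self, name, creator):
        # The user who creates a team is automatically its team admin.
        self.teams[name] = Team(name, {creator}, {creator})

    def allowed(self, email, team, action):
        t = self.teams.get(team)
        if t is None or email not in t.members:
            return False  # default deny: access comes only via membership
        granted = ADMIN_ACTIONS if email in t.admins else STANDARD_ACTIONS
        return action in granted

    def add_member(self, team, actor, email, admin=False):
        # Only a team admin of this team may change its membership.
        if not self.allowed(actor, team, "manage_members"):
            raise PermissionError(f"{actor} is not a team admin of {team}")
        self.teams[team].members.add(email)
        if admin:
            self.teams[team].admins.add(email)

    def admin_report(self):
        # Access-review view: team admins of every shared (non-personal) team.
        return {n: sorted(t.admins) for n, t in self.teams.items()
                if not t.personal}
```

The same user can hold different effective permissions per team, so a review should evaluate each (user, team) pair rather than a single global role.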

Prophecy cluster admins

Prophecy cluster admins manage clusters, infrastructure, compute resources, and Prophecy deployment. This includes responsibilities such as:

  • Setting up authentication like SSO for the Prophecy environment
  • Managing audit log review and storage
  • Upgrading Prophecy to a newer version
  • Downloading system logs to send to Prophecy's Support team

Prophecy automatically provisions one Prophecy cluster admin per deployment. Additional cluster admins can be created if required.