
Role-Based Access Control

Role-Based Access Control (RBAC) is a method for regulating access based on the roles of individual users. In RBAC, permissions are grouped into roles, and roles are assigned to users. RBAC helps enforce the principle of least privilege, reducing the risk of accidental or malicious access to sensitive data. It also streamlines adding, removing, or changing permissions, since doing so only requires updating the user's role.

Understanding User Roles

This image is a hierarchical diagram titled Roles by Level, showing how roles are organized across different levels within an organization. At the top is the Organization level with roles like Org Admin, Org Contributor, and Org Member, followed by the Project level with roles such as Project Admin, Project Architect, Project Contributor, and Project Member, and finally, the Environment level with roles including Environment Admin and Environment Reader.
  • Organization - Organization roles tend to have access to organization-level settings, such as being able to create projects for the organization. Review Organization Roles for an in-depth explanation of each organization role.
  • Project - Project roles can work in the project they are assigned to. This is where data architects and data engineers are assigned to build out the data pipeline. Review Project Roles for an in-depth explanation of each project role.
  • Environment - Environment roles can deploy pipelines and view documentation. These are good for data and business analysts who need to review information, or for operations staff who deploy pipelines. Review Environment Roles for an in-depth explanation of each environment role.

User Role Assignment Example

This image is a diagram titled Example of User Role Assignment, illustrating how a user named Lorenzo, a Senior Data Engineer, is assigned roles across different levels in an organization named Innovate Corp. Lorenzo holds the Org Contributor role at the organization level, the Project Admin role in the Finance project, and the Environment Admin role in multiple environments including QA, UAT, Development, and Staging, with the Environment Reader role assigned in the Production environment.

Let’s go through an example of assigning a user role. There is a Senior Data Engineer on your team and they need to be able to work on multiple projects.

In the example, the engineer is assigned to the Organization as an Org Contributor. They will be able to create projects, assign users to projects, and manage project settings.

They are also added to the Finance, Marketing, and Sales projects. As an Org Contributor, the data engineer has full access only to the projects they created, so they must be assigned to any other project. In the Marketing project, they are a Project Architect, meaning they can build node types and configure the storage locations. In the Sales project, they are a Project Member, which is the role assigned in order to give them Environment access. This role does not give them access to the project itself, but because the roles are hierarchical, they must be given Project-level permissions before Environment roles can be assigned.

At the environment level, in the Finance project, there are two environments, QA and UAT. They are an Environment Admin on both. An Environment Admin can approve deployment and schedule jobs. In the Sales project, there are two environments, Staging and Production. They have no access to the Staging environment, but they are an Environment Reader in Production. An Environment Reader has access to the documentation so they can understand the data pipelines for that environment.
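The walk-through above can be modeled as a small deny-by-default access check. This is an added example, not Coalesce code or its API: `UserAccess`, `ROLE_ACTIONS` and the action strings are hypothetical names, and the Finance project role (Project Admin) is taken from the diagram description rather than the text.

```python
from dataclasses import dataclass, field

# Role -> actions. Only roles and abilities named on this page; the action
# strings are labels invented for this sketch, not Coalesce identifiers.
ROLE_ACTIONS = {
    "Org Contributor": {"create_project", "assign_project_users", "manage_project_settings"},
    "Project Admin": set(),      # abilities are not listed on this page
    "Project Architect": {"build_node_types", "configure_storage_locations"},
    "Project Member": set(),     # assigned only to unlock Environment roles
    "Environment Admin": {"approve_deployment", "schedule_jobs"},
    "Environment Reader": {"view_documentation"},
}

@dataclass
class UserAccess:
    org_role: str
    project_roles: dict = field(default_factory=dict)  # project -> role
    env_roles: dict = field(default_factory=dict)      # (project, env) -> role

    def grant_project(self, project, role):
        if not role.startswith("Project ") or role not in ROLE_ACTIONS:
            raise ValueError(f"not a project role: {role}")
        self.project_roles[project] = role

    def grant_env(self, project, env, role):
        if not role.startswith("Environment ") or role not in ROLE_ACTIONS:
            raise ValueError(f"not an environment role: {role}")
        # Hierarchy rule from the text: a Project-level role must exist first.
        if project not in self.project_roles:
            raise PermissionError(f"{project}: assign a Project role first")
        self.env_roles[(project, env)] = role

    def can(self, action, project=None, env=None):
        # Deny by default: no assignment at the requested scope means no access.
        if env is not None:
            role = self.env_roles.get((project, env))
        elif project is not None:
            role = self.project_roles.get(project)
        else:
            role = self.org_role
        return action in ROLE_ACTIONS.get(role, set())

def senior_data_engineer():
    """Assignments from the walk-through (constructed sample data)."""
    u = UserAccess("Org Contributor")
    for project, role in [("Finance", "Project Admin"), ("Marketing", "Project Architect"),
                          ("Sales", "Project Member")]:
        u.grant_project(project, role)
    for project, env, role in [("Finance", "QA", "Environment Admin"), ("Finance", "UAT", "Environment Admin"),
                               ("Sales", "Production", "Environment Reader")]:
        u.grant_env(project, env, role)
    return u
```

Because Sales/Staging was never granted, every check against it returns False, which is the behavior to look for when reviewing assignments for least privilege.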

Coalesce RBAC gives you full control over user access in the platform. Assign users the roles they need to do their jobs.
