Role-based access control
Nobl9 supports role-based access control (RBAC) to ensure granular user permissions and access to resources in the Nobl9 platform.
There are two levels of permissions, the organization level and the project level:
- Organization roles ensure access across the Nobl9 platform. Depending on the desired access rights, users can be assigned the Organization Admin, User, Viewer, Integrations User, or Responder role.
- Project roles entitle users to access a project and its underlying resources, such as services or SLOs. Project-level roles include Project Owner, Editor, Viewer, Integrations User, and Responder.
Overviewβ
Here, you can find descriptions of different organization- and project-level roles.
Organization-level rolesβ
- Admin
- User
- Viewer
- Responder
Organization Admins have full read and write access to all areas in the Nobl9 platform. They are responsible for setting up single sign-on (SSO) and user management. Organization Admins can:
-
Add, delete, and suspend users
-
Assign organization- and project-level roles to other users
-
Promote other users to the Admin role
-
Grant other users view access to all projects
For example, this type of access can be granted to executives who require read-only access to all services for dashboards -
Access all projects
-
Create new projects
-
Create, edit, delete, and view user annotations
See the SLO annotations section of the documentation -
View and delete system annotations
See the SLO annotations section of the documentation -
Create, edit, delete, and view SLI analyses
For more information, refer to the SLI Analyzer documentation
By default, anyone who signs in to the Nobl9 platform is an Organization User (unless a different default role has been set for your organization). Organization Users can be granted access to one or more projects by being assigned the role of Project Owner, Editor, Viewer, or Integrations User. Organization Users can:
-
Create projects
And automatically become the Owner of these projects -
Manage resources
WHen they are assigned the Owner or Editor role for the project in question -
View SLOs and other resources for projects in which they are assigned the Viewer role
Organization Users can only see the resources in a project if they have been granted access to this project by the Organization Admin or the Project Owner.
An Organization Viewer has read-only access to all resources in the Nobl9 platform. Organization Viewers can:
-
View services
-
View projects
-
View SLOs
-
View dashboards
-
View integrations
-
View alert methods
-
View other users
-
View annotations
-
View SLI analyses
Organization Viewers cannot edit any resources in the Nobl9 platform.
An Organization Responder has read-only access to most of the resources in the Nobl9 platform except SLO annotations and alert silence. Organization Responders can create and manage these resources. Organization Responders can:
-
View services
-
View projects
-
View SLOs
-
View dashboards
-
View integrations
-
View alert methods
-
View reports
-
View other users
-
Create, edit, delete, and view user annotations
-
View system annotations
-
View, apply, and delete alert silence
-
View SLI analyses
Project-level rolesβ
- Owner
- Editor
- Viewer
- Integrations User
- Responder
Project Owners have read and write access to the project(s) they own. A Project Owner can:
-
Add existing Nobl9 users to the project
-
Manage existing usersβ levels of access to the project
-
Remove users from the project
-
Delete the project
-
Create, edit, delete, and view annotations in the project
The Project Editor is the primary user of the Nobl9 platform. Project Editors can:
-
Create, edit, and delete resources in the projects they are assigned to
-
Manage SLOs, integrations, and alert policies
-
View dashboards
-
Pull reports and charts
-
Create, edit, delete, and view annotations in the projects they can edit
The Project Viewer is the primary consumer of data in the Nobl9 platform. Project Viewers can:
-
Generate reports for the projects to which they are assigned
-
View dashboards in the projects to which they are assigned
-
View the SLO grid in the projects to which they are assigned
-
View annotations
Project Viewers cannot create, edit, or delete resources.
A Project Integrations User can use a data source or an alert method in a given project, but cannot create, edit, or delete project resources. Project Integrations Users can:
-
Use a data source from one project to set up SLOs in another project
-
Use an alert method from one project to configure an alert policy in another project
For example, if a user is a Project Editor for Project A and a Project Integrations User for Project B, they can use data sources and alert methods from Project B in Project A. However, they cannot edit any resources in Project B.
Project Responder can manage SLO annotations and alert silence (view, apply, and delete these resources). Project Responders can:
-
View services
-
View SLOs
-
View projects to which they are assigned
-
View dashboards in the projects to which they are assigned
-
Create, edit, delete, and view user annotations
-
View system annotations
-
View, apply, and delete alert silence
You can find the detailed instructions on managing users and user roles as well as projects and project resources in RBAC.