Role-based access control
Use RBAC to determine who can do what on your Goldsky project
Overview
Goldsky supports Role Based Access Control (RBAC) to help you restrict what actions can be taken by different members of the team.
We support 4 different roles: Owner, Admin, Editor and Viewer. The permissions are listed below:
Owner- Can do everything an
Admincan do - Can add other
Owners to the project - Can remove other
Owners from the project - Can update the role of teammates to
Owner - Can change the subscription and billing information of the project
- Can do everything an
Admin- Can do everything an
Editorcan do - Can invite non-
Ownerteammates to a project - Can remove non-
Ownerteammates from a project - Can update the role of non-
Ownerteammates on a project
- Can do everything an
Editor- Can do everything a
Viewercan do - Can create, update and delete API keys
- Can create, update and delete subgraphs
- Can create, update and delete pipelines
- Can create, update and delete secrets
- Can create, update and delete webhooks
- Can edit the name of a project
- Can do everything a
Viewer- Can view subgraphs
- Can view pipelines
- Can view secrets
- Can view webhooks
- Can view metrics
- Can view teammates
- Can leave a project
- Can create new projects
Using the Webapp
Adding a teammate to your project
When adding a teammate you will be prompted to select the desired role for the new teammate(s). The default selected role is Viewer
Changing the role of teammates
You must be an Admin to change the role of your teammate(s).
To manage the RBAC settings for the team members of a given project, select the project and navigate to the Settings menu.
Click on the overflow menu and click on Update Role
Using the Command Line
Adding a teammate to your project
Use the --role flag of goldsky project users invite to select which role the invited users will have. The default role is Viewer.
goldsky project users invite --emails "<user1email>" "<user2email>" (passing as many emails as you want) --role <role>
Changing the role of teammates
Use the --role flag of goldsky project users update to change the role a user defined by the --email
goldsky project users update --email "<userToRemoveEmail>" --role <role>
Was this page helpful?