Documentation
RBAC Overview
Access Management (RBAC) Overview
Infra0 uses Role-Based Access Control (RBAC) to manage who can do what in the platform. Every feature, page, and action is protected by permissions that are assigned to roles, which are assigned to users.
Accessing Access Management
- Click 'Access Management' in the left sidebar
- Only users with access management permissions can see this page
Key RBAC Concepts
- Permission: A specific action on a resource (e.g., 'project.create', 'terraform.apply')
- Role: A named set of permissions (e.g., 'Admin', 'Manager', 'Editor', 'Viewer')
- User: A person with a Infra0 account, assigned one or more roles
Default Roles
- 1Admin
- Full access to everything
- Can manage users, roles, and permissions
- Can perform all Terraform operations
- Can access all projects and workspaces
- 2Manager
- Can manage users and approve access requests
- Can create and manage projects and workspaces
- Cannot modify role definitions or system settings
- 3Editor
- Can create and edit infrastructure resources
- Can run Terraform init, validate, and plan
- Cannot apply or destroy without additional permissions
- 4Viewer
- Read-only access
- Can view projects, workspaces, and resources
- Cannot make any changes
Access Management Tabs
- Users: Manage user accounts and role assignments
- Access Requests: Review and approve pending access requests
- Permissions: Configure what permissions each role has