Aptible organizations represent an administrative domain consisting of users and resources.
Users represent individuals or robots with access to your organization. A user’s assigned roles determine their permissions and what they can access Aptible. Manage users in the Aptible dashboard by navigating to Settings > Members.
Use roles to define users’ access in your Aptible organization. Manage roles in the Aptible Dashboard by navigating to Settings > Roles.
The Account Owners Role is one of the built-in roles in your organization that grants the following:
The Deploy Owners Role is one of the built-in roles in your organization that grants the following:
Use custom roles to configure which Aptible environments a user can access and what permissions they have within those environments. Aptible provides many permission types so you can fine-tune user access.
Since roles define what environments users can access, we highly recommend using multiple environments and roles to ensure you are granting access based on the least-privilege principle.
The Custom Role Admin role is an optional role that grants:
Custom Role Members have access to resources as defined by the permission types of their custom role.
Manage custom role permission types in the Aptible Dashboard by navigating to Settings > Roles. Select the respective role, navigate to Environments, and grant the desired permissions for the separate environments.
Assign one of the following permissions to give users read permission in a specific environment:
To give users write permission to a given environment, you can assign the following permissions:
This matrix describes the required permission (header) for actions available for a given resource(left column).
Environment Admin | Full Visibility | Deployment | Destruction | Ops | Sensitive Access | Tunnel | |
---|---|---|---|---|---|---|---|
Environment | --- | --- | --- | --- | --- | --- | --- |
Deprovision | ✔ | ✔ | |||||
Rename | ✔ | ||||||
Manage Backup Retention Policy | ✔ | ||||||
Apps | Environment Admin | Full Visibility | Deployment | Destruction | Ops | Sensitive Access | Tunnel |
Create | ✔ | ✔ | ✔ | ||||
Deprovision | ✔ | ✔ | |||||
Read Configuration | ✔ | ✔ | ✔ | ||||
Configure | ✔ | ✔ | ✔ | ||||
Rename | ✔ | ✔ | |||||
Deploy | ✔ | ✔ | |||||
Rebuild | ✔ | ✔ | |||||
Scale | ✔ | ✔ | ✔ | ||||
Restart | ✔ | ✔ | ✔ | ||||
Create Endpoints | ✔ | ✔ | |||||
Deprovision Endpoints | ✔ | ✔ | |||||
Stream Logs | ✔ | ✔ | ✔ | ||||
SSH/Execute | ✔ | ✔ | |||||
Scan Image | ✔ | ✔ | ✔ | ||||
Databases | Environment Admin | Full Visibility | Deployment | Destruction | Ops | Sensitive Access | Tunnel |
Create | ✔ | ✔ | |||||
Deprovision | ✔ | ✔ | |||||
Read Credentials | ✔ | ✔ | |||||
Create Backups | ✔ | ✔ | ✔ | ||||
Restore Backups | ✔ | ✔ | |||||
Delete Backups | ✔ | ✔ | |||||
Rename | ✔ | ✔ | |||||
Restart / Reload / Modify | ✔ | ✔ | ✔ | ||||
Create Replicas | ✔ | ✔ | |||||
Unlink Replicas | ✔ | ✔ | |||||
Create Endpoints | ✔ | ✔ | |||||
Deprovision Endpoints | ✔ | ✔ | |||||
Create Tunnels | ✔ | ✔ | |||||
Stream Logs | ✔ | ✔ | ✔ | ||||
Log and Metric Drains | Environment Admin | Full Visibility | Deployment | Destruction | Ops | Sensitive Access | Tunnel |
Create | ✔ | ✔ | ✔ | ||||
Deprovision | ✔ | ✔ | ✔ | ✔ | |||
SSL Certificates | Environment Admin | Full Visibility | Deployment | Destruction | Ops | Sensitive Access | Tunnel |
Create | ✔ | ✔ |
Aptible organizations represent an administrative domain consisting of users and resources.
Users represent individuals or robots with access to your organization. A user’s assigned roles determine their permissions and what they can access Aptible. Manage users in the Aptible dashboard by navigating to Settings > Members.
Use roles to define users’ access in your Aptible organization. Manage roles in the Aptible Dashboard by navigating to Settings > Roles.
The Account Owners Role is one of the built-in roles in your organization that grants the following:
The Deploy Owners Role is one of the built-in roles in your organization that grants the following:
Use custom roles to configure which Aptible environments a user can access and what permissions they have within those environments. Aptible provides many permission types so you can fine-tune user access.
Since roles define what environments users can access, we highly recommend using multiple environments and roles to ensure you are granting access based on the least-privilege principle.
The Custom Role Admin role is an optional role that grants:
Custom Role Members have access to resources as defined by the permission types of their custom role.
Manage custom role permission types in the Aptible Dashboard by navigating to Settings > Roles. Select the respective role, navigate to Environments, and grant the desired permissions for the separate environments.
Assign one of the following permissions to give users read permission in a specific environment:
To give users write permission to a given environment, you can assign the following permissions:
This matrix describes the required permission (header) for actions available for a given resource(left column).
Environment Admin | Full Visibility | Deployment | Destruction | Ops | Sensitive Access | Tunnel | |
---|---|---|---|---|---|---|---|
Environment | --- | --- | --- | --- | --- | --- | --- |
Deprovision | ✔ | ✔ | |||||
Rename | ✔ | ||||||
Manage Backup Retention Policy | ✔ | ||||||
Apps | Environment Admin | Full Visibility | Deployment | Destruction | Ops | Sensitive Access | Tunnel |
Create | ✔ | ✔ | ✔ | ||||
Deprovision | ✔ | ✔ | |||||
Read Configuration | ✔ | ✔ | ✔ | ||||
Configure | ✔ | ✔ | ✔ | ||||
Rename | ✔ | ✔ | |||||
Deploy | ✔ | ✔ | |||||
Rebuild | ✔ | ✔ | |||||
Scale | ✔ | ✔ | ✔ | ||||
Restart | ✔ | ✔ | ✔ | ||||
Create Endpoints | ✔ | ✔ | |||||
Deprovision Endpoints | ✔ | ✔ | |||||
Stream Logs | ✔ | ✔ | ✔ | ||||
SSH/Execute | ✔ | ✔ | |||||
Scan Image | ✔ | ✔ | ✔ | ||||
Databases | Environment Admin | Full Visibility | Deployment | Destruction | Ops | Sensitive Access | Tunnel |
Create | ✔ | ✔ | |||||
Deprovision | ✔ | ✔ | |||||
Read Credentials | ✔ | ✔ | |||||
Create Backups | ✔ | ✔ | ✔ | ||||
Restore Backups | ✔ | ✔ | |||||
Delete Backups | ✔ | ✔ | |||||
Rename | ✔ | ✔ | |||||
Restart / Reload / Modify | ✔ | ✔ | ✔ | ||||
Create Replicas | ✔ | ✔ | |||||
Unlink Replicas | ✔ | ✔ | |||||
Create Endpoints | ✔ | ✔ | |||||
Deprovision Endpoints | ✔ | ✔ | |||||
Create Tunnels | ✔ | ✔ | |||||
Stream Logs | ✔ | ✔ | ✔ | ||||
Log and Metric Drains | Environment Admin | Full Visibility | Deployment | Destruction | Ops | Sensitive Access | Tunnel |
Create | ✔ | ✔ | ✔ | ||||
Deprovision | ✔ | ✔ | ✔ | ✔ | |||
SSL Certificates | Environment Admin | Full Visibility | Deployment | Destruction | Ops | Sensitive Access | Tunnel |
Create | ✔ | ✔ |