Overview
Within Accounts, many people can work across the StackSpot Platform for different purposes. Therefore, they need different types of access and permissions. In StackSpot it is used the Policy-Based Access Control (PBAC), Attribute-Based Access Control (ABAC), and Role-Based Access Control (RBAC) systems to create a powerful and flexible access control framework.
This means that user permissions across the platform are based on resources and types of roles they have. Permissions are based on:
- Resource Type.
- Resource.
- Action.
See below an overview of the main concepts for understanding roles and permissions:
Main Concepts
| Concept | Description | Example |
|---|---|---|
| Account Member | Users that are part of your Account Organization. | - |
| Groups | Groups are a collection of several users who have the same types of roles and resources, which means the same level of permission. | There can be a group with: Studio Administrator and Content Creator permissions; five members; and one Studio called New-Studio as a resource. |
| Resource Type | Represents the entities from StackSpot where the resources came from. | StackSpot Platform, Account, Studio, Workspace. |
| Resource | Resources represent the objects that users interact with. | Plugins, Links, Stacks, Starters, and others. |
| Permissions | Permissions are a set of actions defined for one or more platform resources | Permission to activate an Account and to create a Stack. |
| Actions | Actions are automated tasks that a user can do with a resource. | "Publish a Plugin in a Studio." "Publish" is the action, "Plugin" is the resource "in a Studio" is the resource type. |
| Roles | In StackSpot, roles categorize users, or groups of users. It defines what account permissions those users have, such as what data they can read or what account assets they can modify. By granting permissions to roles, any users associated with that role receive that permission. | In StackSpot the default roles are: account_holder; sys_admin, account_admin, workspace_admin, studio_admin, content_creator, developer, sre, partner_admin and partner_member |
Next Steps
- Learn more about roles in StackSpot;
- Learn more about permissions in StackSpot;
- Manage your Account members;
- Create Groups to manage your Account members roles and permissions.
Was this page helpful?