Role-Based Access Control (RBAC)
Distr provides role-based access control (RBAC) to help you manage who can access and modify different parts of your organization. Understanding roles and permissions is essential for maintaining security and proper access control across your vendor organization and customer organizations.
Overview of User Roles
Section titled “Overview of User Roles”Distr uses a role-based permission system with three standard roles that apply to both vendor organizations (your team) and customer organizations (your end customers):
- Administrator - Full access to all features and settings
- User - Can view and modify most resources, but cannot manage users or organization settings
- Viewer - Can view resources but cannot make changes
Roles and Permissions Matrix
Section titled “Roles and Permissions Matrix”Vendor Organization Roles
Section titled “Vendor Organization Roles”Vendor roles apply to your internal team members who access the Vendor Portal.
| Permission | Admin | User | Viewer |
|---|---|---|---|
| View Dashboard | ✅ | ✅ | ✅ |
| View Applications and Deployments | ✅ | ✅ | ✅ |
| Edit Applications and Deployments | ✅ | ✅ | ❌ |
| View Artifacts and Downoads | ✅ | ✅ | ✅ |
| Create Personal Access Tokens | ✅ | ✅ | ✅ |
| Push Artifacts | ✅ | ✅ | ❌ |
| Pull Artifacts | ✅ | ✅ | ✅ |
| View Licenses | ✅ | ✅ | ✅ |
| Create/Edit/Delete Licenses | ✅ | ✅ | ❌ |
| View Customers | ✅ | ✅ | ✅ |
| Invite/Manage Customers | ✅ | ✅ | ❌ |
| View Users | ✅ | ❌ | ❌ |
| Invite/Manage Users | ✅ | ❌ | ❌ |
| Manage Branding | ✅ | ✅ | ❌ |
| View Subscription | ✅ | ❌ | ❌ |
| Manage Subscription | ✅ | ❌ | ❌ |
| View and Manage Org Settings | ✅ | ❌ | ❌ |
Customer Organization Roles
Section titled “Customer Organization Roles”Customer roles apply to end users who access the Customer Portal for a specific customer organization.
| Permission | Admin | User | Viewer |
|---|---|---|---|
| View Dashboard | ✅ | ✅ | ✅ |
| View Deployments | ✅ | ✅ | ✅ |
| Create/Edit/Delete Deployments | ✅ | ✅ | ❌ |
| Create Personal Access Tokens | ✅ | ✅ | ✅ |
| Push Artifacts | ✅ | ✅ | ❌ |
| Pull Artifacts | ✅ | ✅ | ✅ |
| View Documentation | ✅ | ✅ | ✅ |
| View Users | ✅ | ❌ | ❌ |
| Invite/Manage Users | ✅ | ❌ | ❌ |
| Manage Customer Settings | ✅ | ❌ | ❌ |
How to Invite Users with Specific Roles
Section titled “How to Invite Users with Specific Roles”Inviting Vendor Organization Users
Section titled “Inviting Vendor Organization Users”To add team members to your vendor organization:
- Log in to the Vendor Portal
- Navigate to the Users section in the sidebar
- Click Add User in the top right corner
- Enter the user’s name, email address and select the role.
- Click Submit
The invited user will receive an email with a link to set up their account and password. Once they complete registration, they’ll have access according to their assigned role.
Inviting Customer Organization Users
Section titled “Inviting Customer Organization Users”To add users to a customer organization:
- Log in to the Vendor Portal
- Navigate to the Customers section in the sidebar
- Click on the “Manage Users” at customer organization you want to add users to
- Click Invite User
- Enter the user’s name and email address and select the role.
- Click Submit
Alternatively, customer organization administrators can invite users directly from the Customer Portal:
- Log in to the Customer Portal
- Navigate to Users
- Click Add Use
- Enter the name, email and select the role
- Click Submitn
How Roles Differ Between Plans
Section titled “How Roles Differ Between Plans”Starter Plan
Section titled “Starter Plan”Role Management: Not available
- All internal users automatically have Administrator privileges
- No role selection when inviting users
- All team members have full access to all features
- Customer organizations can only have one user.
Use case: Ideal for small teams or POCs where simplified access control is sufficient.
Pro Plan
Section titled “Pro Plan”Role Management: Full RBAC available
- Three roles available: Administrator, User, Viewer
- Role selection available when inviting users
- Can assign different roles to different team members (internal users)
- Internal users can have granular permissions based on their role
- Customer organizations can also use role-based access
- Multiple customer users per organization with role-based permissions
- Supports SSO integration for enhanced security
- Full control over who can view, edit, or manage different parts of the platform
Use case: Ideal for teams that need granular access control and security compliance. Perfect for organizations where different team members need different levels of access to applications, deployments, licenses, and customer management.
Enterprise Plan
Section titled “Enterprise Plan”Role Management: Advanced RBAC with custom roles
- All Pro plan roles available
- Custom roles can be created with specific permission sets
- Custom workflows and permission combinations
- Advanced SSO and identity provider integrations
- Fine-grained access control for complex organizational structures
Use case: Ideal for large enterprises with complex access requirements and compliance needs.
Managing User Roles
Section titled “Managing User Roles”Administrators can edit or remove any user by locating the user, selecting a new role to update their access, or clicking the delete button to remove them entirely.