Role Based Access Control
Gremlin provides <span class="code-class-custom">role based access control</span> functionality that grants specific permissions to a role and then a role, or many roles, to each user. Any action taken in the Gremlin UI or API requires a role that grants a user permission for that action. Permissions cannot be assigned independently of roles.
Roles are split into two categories, company and team roles.
- Team roles grant permissions to a user, specifically for work within that team. The team roles control which actions the user can take on behalf of the team, like starting an experiment on that team's clients, or revoking that team's API key.
- Company roles grant permissions for work outside of a team. Company level roles control actions a user can take on behalf of the company, like changing single sign on settings, creating a new team, or removing a user from the company.
To view or edit users and roles, go to your company settings.
The following table describes the permissions that are available for each company role.
The following table describes the permissions that are available for each team role.
Is a user required to have both team and company roles?
No. All roles are granted independently of each other.
Do I have to have a team role to run experiments?
Yes. To run experiments for a team, you need user permissions or higher for that team.