Dashboard
Platform

Role Based Access Control

Gremlin provides <span class="code-class-custom">role based access control</span> functionality that grants specific permissions to a role and then a role, or many roles, to each user. Any action taken in the Gremlin UI or API requires a role that grants a user permission for that action. Permissions cannot be assigned independently of roles.

Roles

Roles are split into two categories, company and team roles.

  • Team roles grant permissions to a user, specifically for work within that team. The team roles control which actions the user can take on behalf of the team, like starting an experiment on that team's clients, or revoking that team's API key.
  • Company roles grant permissions for work outside of a team. Company level roles control actions a user can take on behalf of the company, like changing single sign on settings, creating a new team, or removing a user from the company.

To view or edit users and roles, go to your company settings.

Company roles

The following table describes the permissions that are available for each company role.

OwnerAdminManagerCoordinator*User
Authentication Management
SSO✔️✔️
MFA✔️✔️
Personal Account Management
Enable MFA✔️✔️✔️✔️✔️
Reset Password✔️✔️✔️✔️✔️
User Management
Invite users to company✔️✔️✔️
Update user roles✔️✔️✔️
Add/remove users from teams✔️✔️✔️
Revoke users from company✔️✔️
Reactivate revoked user✔️✔️
Assign Company Owner role✔️
Assign/remove Company/Team Manager roles✔️✔️
Team Management
Create/delete teams✔️✔️✔️
List teams✔️✔️✔️✔️✔️
Reset team secrets✔️✔️
Certificate Management✔️✔️
Client Management
Reactivate any client✔️
Access Logs
View user, team, company security logs✔️✔️
Integration Management
Configure external integrations with Gremlin✔️✔️
Scenario Management
Share or unshare Scenarios✔️✔️✔️
Create and manage Test Suites✔️✔️✔️

Team roles

The following table describes the permissions that are available for each team role.

Team ManagerTeam Credential Manager*Team UserTeam Viewer
Attacks
Create, start, halt, schedule✔️✔️
List experiments, schedules and scenarios✔️✔️✔️
User Management
List users✔️✔️✔️
Invite new users to the company✔️
Invite/remove users to their team✔️
Client Management
List clients✔️✔️✔️
Deactivate team clients✔️✔️
Reactivate team clients✔️
API Key Management
Create, view, revoke API key✔️✔️
Reactivate revoked API key✔️
Secrets/Certificates Management
Rollover, delete, create team certificate✔️✔️
Reset team secret✔️✔️
Notifications
Scheduled Health Checks✔️
Scenario Management
Share or unshare Scenarios✔️✔️

Note
An asterisk(*) next to the role name means the role is hidden in the UI. It can only be set via an API call.

FAQs

Is a user required to have both team and company roles?

No. All roles are granted independently of each other.

Do I have to have a team role to run experiments?

Yes. To run experiments for a team, you need user permissions or higher for that team.

No items found.
Next
Previous
This is some text inside of a div block.
Compatibility
Installing the Gremlin Agent
Authenticating the Gremlin Agent
Configuring the Gremlin Agent
Managing the Gremlin Agent
User Management
Integrations
Health Checks
Notifications
Command Line Interface
Updating Gremlin
Quick Start Guide
Services and Dependencies
Detected Risks
Reliability Tests
Reliability Score
Targets
Experiments
Scenarios
GameDays
Overview
Deploying Failure Flags on AWS Lambda
Deploying Failure Flags on AWS ECS
Deploying Failure Flags on Kubernetes
Classes, methods, & attributes
API Keys
Examples
Container security
General
Linux
Windows
Chao
Helm
Glossary
Alfi
Additional Configuration for Helm
Amazon CloudWatch Health Check
AppDynamics Health Check
Application Level Fault Injection (ALFI)
Blackhole Experiment
CPU Experiment
Certificate Expiry
Custom Health Check
Custom Load Generator
DNS Experiment
Datadog Health Check
Disk Experiment
Dynatrace Health Check
Grafana Cloud Health Check
Grafana Cloud K6
IO Experiment
Install Gremlin on Kubernetes manually
Install Gremlin on OpenShift 4
Installing Gremlin on AWS - Configuring your VPC
Installing Gremlin on Kubernetes with Helm
Installing Gremlin on Windows
Installing Gremlin on a virtual machine
Installing the Failure Flags SDK
Jira
Latency Experiment
Memory Experiment
Network Tags
New Relic Health Check
Overview
Overview
Overview
Overview
Overview
Packet Loss Attack
PagerDuty Health Check
Preview: Gremlin in Kubernetes Restricted Networks
Private Network Integration Agent
Process Collection
Process Killer Experiment
Prometheus Health Check
Role Based Access Control
Running Failure Flags experiments
Scheduling Scenarios
Shared Scenarios
Shutdown Experiment
Slack
Teams
Time Travel Experiment
Troubleshooting Gremlin on OpenShift
User Authentication via SAML and Okta
Users
Webhooks
Integration Agent for Linux
Test Suites
Restricting Testing Times
Reports
Process Exhaustion Experiment
Enabling DNS collection