In RisingWave Cloud, the role-based access control (RBAC) system lets organizations manage access permissions precisely, based on roles. Each RisingWave Cloud user in the organization is associated with a pre-defined role. The organization administrator has permission to edit the roles of all members, whereas other members have access to different subsystems depending on their roles.
A security principal refers to an entity that is authenticated and authorized to perform various operations and access resources in RisingWave Cloud. You can assign a role to any of these security principals:
Below are permissions and limitations for roles to ensure that each service account or user has appropriate access tailored to their responsibilities.
To grant a role to your account, go to Organization > Role management, then click Edit roles on the right side.
Role | Permissions | Limitations |
---|---|---|
OrganizationAdmin | Full control over tenants and related resources. Management of service accounts, users, invitations, and RoleBinding. Access to all billing resources. | Cannot modify their own admin RoleBinding. |
OrganizationMember | View access to all tenants. View service accounts, users, and invitations. | No permissions for tenant-related operations (create, update, delete). No permissions for service accounts, users, or invitations operations (create, update, delete). No access to billing resources. |
BillingManager | Full access to all billing resources. | No access to any other operations outside of billing. |
ProjectAdmin | Full access to operations related to any tenants. | No access to billing operations, service accounts, users, or invitations. |
RoleBindings ensure that only authorized entities have access to resources and operations based on their defined roles.
Only the OrganizationAdmin has permission to manage a user’s RoleBinding.
User scenarios | Description |
---|---|
Invite a user to the organization | Currently, you can only invite a new user as an OrganizationMember. If you want to grant more permissions to the target user, go to Organization > Role management > Users and modify the user’s roles after the user accepts the invitation. |
Create a service account in the organization | The service account RoleBinding is used for authorization when accessing Cloud APIs using the service account’s API keys. By default, the service account is assigned the read-only OrganizationMember role. If you need to assign more permissions to the service account, please go to Organization > Role management > Service Accounts to add other roles. |
Delete or add RoleBinding for a user | Go to Organization > Role management > Users, click the corresponding Edit Roles of the specific role. A popup window will appear, allowing you to uncheck the role or select the new ones. Click Confirm to save the change. |
Delete or add RoleBinding for the service account | Go to Organization > Role management > Users, click the corresponding Edit Roles of the specific service account. A popup window will appear, allowing you to uncheck the role or select the new ones. Click Confirm to save the change. |
Every organization needs at least one OrganizationAdmin user. Any attempt to delete the last OrganizationAdmin RoleBinding will fail.
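The role table and the RoleBinding rules above can be checked against a planned set of bindings before anyone clicks through the console. The following is an added example, not RisingWave code: it is a local model that calls no RisingWave Cloud API, the resource and action labels and the `Org` class are hypothetical, and it assumes a principal's effective permissions are the union of its bound roles.

```python
"""Local model of the role table and RoleBinding rules on this page (added example)."""
# Resource/action labels are invented for this model; no RisingWave Cloud API is called.
ACTIONS = ("view", "create", "update", "delete")

def full(*resources):
    return {(r, a) for r in resources for a in ACTIONS}

ROLES = {
    "OrganizationAdmin": full("tenant", "service_account", "user", "invitation",
                              "rolebinding", "billing"),
    "OrganizationMember": {(r, "view") for r in
                           ("tenant", "service_account", "user", "invitation")},
    "BillingManager": full("billing"),
    "ProjectAdmin": full("tenant"),
}
ADMIN = "OrganizationAdmin"

class Org:
    def __init__(self, bindings):
        # principal name -> set of role names (constructed sample state)
        self.bindings = {p: set(r) for p, r in bindings.items()}

    def add_principal(self, name):
        # Invited users and new service accounts start as OrganizationMember.
        self.bindings[name] = {"OrganizationMember"}

    def allowed(self, principal, resource, action):
        # Assumption: effective permissions are the union of all bound roles.
        return any((resource, action) in ROLES[r]
                   for r in self.bindings.get(principal, ()))

    def admins(self):
        return sorted(p for p, r in self.bindings.items() if ADMIN in r)

    def set_roles(self, actor, target, roles):
        """Apply an 'Edit roles' change or raise PermissionError naming the rule."""
        roles = set(roles)
        if roles - ROLES.keys():
            raise ValueError(f"unknown roles: {sorted(roles - ROLES.keys())}")
        current = self.bindings.get(target, set())
        if ADMIN not in self.bindings.get(actor, ()):
            raise PermissionError("only OrganizationAdmin can manage RoleBindings")
        if (ADMIN in roles) != (ADMIN in current):
            if ADMIN in current and self.admins() == [target]:
                raise PermissionError("cannot delete the last OrganizationAdmin RoleBinding")
            if actor == target:
                raise PermissionError("OrganizationAdmin cannot modify their own admin RoleBinding")
        self.bindings[target] = roles
```

Running a planned change through `set_roles` shows which rule would reject it, and `allowed` shows what a service account's API key could do once extra roles are added to the default OrganizationMember binding.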