Custom roles
In Cortex, there are four default roles: Viewer, User, Manager, and Admin.
While each of these provides general access to different Cortex features, you can also create custom roles to give individuals more granular permissions. To create a custom role, go to Roles and permissions settings.
From there, select the Custom roles tab.
Select Create custom role. This will open a modal where you can enter the role’s name, tag, and description, and select the specific permissions for that role.
Once a custom role has been created, it can be assigned to users from the User permissions tab. Select the role from the dropdown menu next to a given user's name.
It is possible to assign multiple roles to an individual user or team. When multiple roles are assigned, the resulting permissions will be the maximum permissions associated with their assigned role(s). For example, if an individual is assigned two roles with distinct set of permissions, all of those permissions will be applied to that user.
Custom roles for Teams
Custom roles are also supported for Team permissions. To designate a custom role for a team, first navigate to the Team permissions tab, and then Add new team.
Next, select a Team from the dropdown menu, and select the appropriate role(s) for that team. The role selected at this stage will determine the permission level for all users who belong to that group. Note that a user’s highest permission level will supersede others.
List of custom roles
| Role | Description |
|---|---|
| CQL reports view | View CQL reports |
| CQL reports write | Create, update, and delete CQL reports |
| Configure Actions | Create, read, update, and delete actions |
| Configure Scaffolder templates | Create, read, update, and delete Scaffolder templates |
| Configure Scorecards | Create, read, update, and delete Scorecards and Initiatives; does not include score re-evaluation |
| Configure appearance | Modify workplace appearance settings, including logo, plugin placement, entity overview tabs and navigation order, and catalog sort order |
| Configure catalog | Create, read, update, and delete all aspects of catalogs and entities, including entity type, catalogs and filters, and team hierarchies |
| Configure plugins | Create, read, update, and delete plugins |
| Configure proxies | Create, read, update, and delete proxies |
| Configure secrets | Create, read, update, and delete secret keys used in plugin proxies, secure access to third party APIs, etc. |
| Configure settings | Edit and update workspace settings, authentication and access settings, identity mappings, and integration configurations |
| Configure verification periods | Create and edit periods for verifying Cortex entities |
| Discover dependencies | Sync dependencies directly when on the dependency graph feature |
| Manage discovery audit events | Ignore or import entities found in the discovery audit tool |
| Onboarding management submit notify | Ability to notify within onboarding management |
| Onboarding management view | View onboarding management |
| Run Scaffolder | Access to the Scaffolder to run a template |
| Run query builder | Access to the Query builder and ability to run queries; does not include queries of third-party integration data |
| Run query with external requests | Run basic and advanced queries with third-party integration data; applies to the Query builder and CQL reports |
| Scorecards refresh | Ability to manully trigger a Scorecard's evaluation via the UI |
| Scorecards reports view | View Scorecard reports |
| Scorecards view | View Scorecards |
| View Eng Intelligence | View Eng Intelligence metrics across all teams, users, groups, and entities |
| Workflows write | Create, update, and delete workflows |