Skip to main content

Custom roles

Overview

In Cortex, there are four default roles: Viewer, User, Manager, and Admin.

While each of these provides access to different Cortex features, you can also create custom roles to give users more granular permissions.

Creating custom roles

How to create a custom role

  1. In Cortex, go to the Roles and permissions settings page.
    1. Click your avatar in the lower left corner, then click Settings.
    2. Under "Authentication and access," click Roles and permissions.
  2. Click the "Custom roles" tab. On the right side, click Create custom role.
    The "Create custom role" button is on the right side
  3. In the "Create custom role" modal, fill in the basic information:
    • Role name: Enter a name for the role.
    • Tag: This field is automatically populated based on the role name. It is a unique identifier for the role, made of letters, digits, and hyphens.
    • Description: Optionally, add a description of the role.
      Fill in the custom role modal
    • Permissions: Expand each of the Permission sections to view and toggle on/off a permission setting for the role. All permissions are toggled off by default.
      Fill in the custom role modal
  4. Click Create.

Assign a custom role

You can assign a custom role to a team or user the same way you would assign a default role. See Assign role to a user for instructions.

It is possible to assign multiple roles to an individual user or team. When multiple roles are assigned, the resulting permissions will be the maximum permissions associated with their assigned role(s). For example, if an individual is assigned two roles with distinct set of permissions, all of those permissions will be applied to that user.

Set a custom role as default for new users

For information on creating or deleting users and setting a default role for new users, see Adding and removing Cortex users.

Delete a custom role

To delete a custom role:

  1. On the Roles and permissions settings page, click the Custom Roles tab.
  2. Click a custom role name.
  3. In the modal, scroll to the bottom and click Delete.

Note that you cannot delete a custom role if it is associated with a plugin.

Available permissions for custom roles

The table below describes the permission options you can add to a custom role.

CategoryPermissionDescription
CatalogsCatalogs viewView catalogs and entities
CatalogsEntity types editCreate, edit, and delete entity types
CatalogsCatalogs editCreate, edit, and delete catalogs
CatalogsEntities editCreate, edit, and delete entities
CatalogsEntities archiveArchive entities
CatalogsEntities deleteDelete entities
CatalogsEntity dependency discovery enableSync dependencies directly when on the dependency graph feature
CatalogsEntity verification period configureCreate and edit periods for verifying Cortex entities
Scorecards & InitiativesScorecards viewView scorecards
Scorecards & InitiativesScorecards editCreate, edit, and delete scorecards
Scorecards & InitiativesScorecards re-evaluation executeManually trigger a scorecard's evaluation via the UI
Scorecards & InitiativesScorecard exemptions viewView scorecard exemptions
Scorecards & InitiativesScorecard exemptions configureApprove or revoke scorecard exemptions
Scorecards & InitiativesInitiatives viewView initiatives
Scorecards & InitiativesInitiatives editCreate, edit, and delete initiatives
ReportingScorecard report viewView scorecard reports
ReportingCQL report viewAbility to view CQL reports
ReportingCQL report editCreate, edit, and delete CQL reports
Eng IntelligenceEng Intelligence viewView the Eng Intelligence metrics across all teams, users, groups, and entities
Eng IntelligenceEng Intelligence configureConfigure Eng Intelligence settings
Eng IntelligenceCustom Metrics configureCreate, edit, and delete Eng Intelligence custom metrics
Eng IntelligenceCustom Metric data editCreate, edit, and delete Eng Intelligence custom metrics data points via API
Workflows & ActionsWorkflows editCreate, edit, and delete workflows
Workflows & ActionsWorkflows viewView workflows
Workflows & ActionsWorkflow runs viewView workflow runs
Workflows & ActionsWorkflow runs executeAbility to run workflow
Workflows & ActionsActions configureConfigure CRUD library of actions
PluginsPlugins editCreate, edit, and delete plugins
PluginsPlugin proxies editCreate, edit, and delete plugin proxies
PluginsPlugin appearance configureManage appearance of plugins
ToolsRelationship graph enableView onboarding management
ToolsOnboarding management viewView onboarding management
ToolsOnboarding management enableTrigger onboarding management notifications
ToolsDiscovery audit events configureIgnore or import entities found in the discovery audit tool
ToolsScaffolder templates configureCreate, edit, and delete Scaffolder templates
Tools*Scaffolder executeRun the Scaffolder
ToolsQuery builder (basic) enableAccess to query builder tool that allows CQL queries to be created and run adhoc
ToolsQuery builder (with 3rd party integrations) enableAccess to query builder tool that allows CQL queries to be created and run adhoc, including queries of 3rd party integration data
NotificationsWorkspace notification settings configureEnable or disable workspace notification settings
SettingsSettings configureEdit workspace settings, identity mappings, and integration configurations
SettingsAppearance settings configureEdit workspace appearance settings, including logo upload, plugin placement throughout the app, entity overview tabs and navigation order, and catalog sort order
SettingsIP allowlist configureConfigure restriction for Cortex app and public API access to specified IPs
SettingsGitOps logs viewView GitOps logs
SettingsOpenID Connector & SCIM configureManage OpenID application details and SCIM for Auth0, Azure, Google, and Okta
SettingsRoles viewView workspace role definitions and user role assignments
SettingsRoles configureManage workspace role definitions and user role assignments
SettingsBreaking API changes viewView breaking API changes
SettingsCreate API keys editCreate, edit, and delete Cortex API keys
SettingsIdentity mappings configureReview how team members defined in the team catalog are matched to external accounts (e.g. GitHub, Jira, PagerDuty, ClickUp, or Slack).
SettingsIntegrations configureInstall, uninstall, and configure integrations
Access ManagementCreate secrets editCreate, edit, and delete secret keys used in plugin proxies, secure access to 3rd party APIs, etc
Access ManagementAudit logs viewView audit logs