LogoLogo
Login to CortexBook a DemoCortex Academycortex.io
  • Cortex Docs
  • Cortex Quick Start
  • Ingesting data into Cortex
    • Managing Entities
      • Adding entities
        • Add services
        • Add domains
        • Add teams
        • Add custom entity types
        • Defining dependencies
      • Entity details page
      • Defining ownership
      • Defining relationship types
      • Grouping entities
      • Adding external documentation
      • Adding Deploy data
      • Adding custom data
      • Viewing discovered entities
      • Archiving entities
      • Relationship graph
      • Using On-call Assistant for incidents
      • Managing Terraform infra in Cortex
    • Managing Catalogs
    • Integrations
      • Internally hosted integrations
      • ArgoCD
      • AWS
      • Azure DevOps
      • Azure Resources
      • BambooHR
      • Bitbucket
      • BugSnag
      • Buildkite
      • Checkmarx
      • CircleCI
      • ClickUp
      • Codecov
      • Coralogix
      • Custom webhook integrations
      • Datadog
      • Dynatrace
      • Entra ID (Azure AD)
      • FireHydrant
      • GitHub
      • GitLab
      • Google
      • Grafana
      • incident.io
      • Instana
      • Jenkins
      • Jira
      • Kubernetes
      • LaunchDarkly
      • Lightstep
      • Mend
      • Microsoft Teams
      • New Relic
      • Okta
      • Opsgenie
      • PagerDuty
      • Prometheus
      • Rollbar
      • Rootly
      • Sentry
      • ServiceNow
      • Slack
      • Snyk
      • SonarQube
      • Splunk Observability Cloud (SignalFx)
      • Splunk On-Call (VictorOps)
      • Sumo Logic
      • Veracode
      • Wiz
      • Workday
      • xMatters
  • Scorecards
    • Initiatives and Action items
      • Creating issues based on Initiatives
    • Scorecard rule exemptions
    • Scorecard rule filters
    • Scorecard examples
    • Scorecards as code
  • Reports
    • Executive report
    • All Scorecards report
    • Bird's eye report
    • Progress report
    • Report card
  • Eng Intelligence
    • Custom Metrics
    • Jira Metrics
    • Metrics Explorer (Beta)
  • Cortex Query Language (CQL)
    • Using CQL reports
    • Using JQ in Cortex
  • Workflows
    • Creating a Workflow
      • Workflows as code
    • Blocks
    • Running a Workflow
    • Registering a Scaffolder template
      • Scaffolder advanced usage
    • Using a Workflow to sync in ArgoCD
    • Kicking off a Jenkins pipeline in a Workflow
    • Calling internal service endpoints in a Workflow
  • Plugins
    • Creating a plugin
      • Creating a plugin proxy
    • Migrating Backstage plugins to Cortex
  • Engineering homepage
  • Workspace Settings
    • Using GitOps for Cortex
      • GitOps logs
    • Managing users
      • Roles and permissions
        • Custom roles
        • Team ownership entity editing
      • Configuring SSO
        • Microsoft Entra ID
        • Google
        • Other OIDC providers
        • Okta
          • Okta SCIM
      • Configuring identity mappings
      • Onboarding management
    • API keys, secrets, and tokens
      • Secrets
      • Personal tokens
    • Audit logs
    • Entity settings
      • Data verification
      • Auto archiving entities
    • IP allowlist
    • Notifications
      • Notification logs
    • Customizing your workspace
    • Using search in Cortex
  • Cortex API
    • REST API operations
      • API Keys
      • Audit Logs
      • Catalog Entities
      • Custom Data
        • Custom Data (Advanced)
      • Custom Events
      • Custom Metrics
      • Dependencies
      • Deploys
      • Discovery Audit
      • Docs
      • Eng Intel: User Labels
      • Entity Relationship Types (Beta)
      • Entity Relationships (Beta)
      • Entity Types
      • GitOps Logs
      • Groups
      • Initiatives
      • Integrations APIs
        • Azure Active Directory (Entra ID) API
        • Azure Resources API
        • AWS API
        • Azure DevOps API
        • CircleCI API
        • Coralogix API
        • Datadog API
        • GitHub API
        • GitLab API
        • incident.io API
        • LaunchDarkly API
        • New Relic API
        • PagerDuty API
        • Prometheus API
        • SonarQube API
      • IP Allowlist
      • Notification Logs
      • On call
      • Packages
      • Plugins
      • Queries
      • SCIM
      • Scorecards
      • Secrets
      • Team Hierarchies
      • Teams
      • Workflows
Powered by GitBook
On this page
  • Overview
  • Roles in Cortex
  • Default roles
  • Custom roles
  • Permissioning in Workflows
  • Viewing and assigning roles
  • View roles
  • Filter the list
  • Assign role to a user
  • Assign role to a team
  • Adding and removing Cortex users
  • Review users
  • Set a default role for new users
  • Add a user
  • Remove a user

Was this helpful?

Export as PDF
  1. Workspace Settings
  2. Managing users

Roles and permissions

Overview

Users and teams in Cortex can be assigned to a role which permits or limits the ability to perform specific actions within Cortex. These actions range from creating API keys and adding integrations to editing Scorecards and creating entities. Roles allow you to ensure that only authorized individuals can make high-level changes to your workspace. You can use the default roles or you can create custom roles.

If a user is assigned to more than one role, they will retain the permissions of the least restricted assigned role. For example, if a user is assigned a Manager role and they are a member of a team assigned the Admin role, then they will have admin permissions throughout Cortex. Using custom roles may introduce other permissions that supersede default roles.

If a user does not have permission to perform an action, the option will not appear for them.

Roles in Cortex

Default roles

When you first access your Cortex account, the following roles are available by default:

  • Admins: Admins are the owners of the workspace. They have global access to everything within Cortex: settings, Scorecards, and entities.

  • Managers: Managers have most of the same abilities as admins, but cannot modify permissions or other settings. Managers can create and edit Scorecards, entities, and teams.

  • Users: Users cannot modify settings, nor can they edit or create Scorecards. Users can edit and create entities and teams.

  • Viewers: Viewers cannot create or edit anything within the workspace. This is a read-only role.

Permission
Viewer
User
Manager
Admin

View CQL reports

✓

✓

✓

✓

View initiatives

✓

✓

✓

✓

View onboarding management

✓

✓

✓

✓

View Scorecards

✓

✓

✓

✓

View catalogs

✓

✓

✓

✓

Edit and create entities

✓

✓

✓

Archive and delete entities

✓

✓

✓

Edit and create entity types

✓

✓

✓

Edit CQL reports

✓

✓

✓

Edit initiatives

✓

✓

✓

Configure Scaffolder templates

✓

✓

✓

Run the Scaffolder

✓

✓

✓

Run query builder

✓

✓

✓

View GitOps logs

✓

✓

✓

View Workflows

✓

✓

✓

View Workflow runs

✓

✓

✓

Execute Workflow runs

✓

✓

✓

View Scorecard exemptions

✓

✓

✓

View Eng Intelligence

✓

✓

Configure Eng Intelligence custom metrics

✓

✓

Configure Eng Intelligence

✓

✓

Configure identity mappings

✓

✓

Edit and create Scorecards

✓

✓

Edit, create, and delete catalogs

✓

✓

Edit Eng Intelligence custom metric data

✓

✓

Edit Workflows

✓

✓

Run re-evaluation of Scorecards

✓

✓

View audit logs

✓

View breaking API changes

✓

View notification logs

✓

View roles

✓

Configure appearance

✓

Configure catalog

✓

Configure custom metrics

✓

Configure discovery audit events

✓

Configure entity verification periods

✓

Configure integrations

✓

Configure notifications

✓

Configure plugin appearance

✓

Configure Scorecard exemptions

✓

Edit, create, and delete API keys

✓

Edit CQL reports

✓

Edit custom metric data

✓

Edit initiatives

✓

Edit plugins

✓

Edit plugin proxies

✓

Edit, create, and delete secrets

✓

Enable entity dependency discovery

✓

Enable onboarding management

✓

Execute notification logs

✓

Configure IP allowlist

✓

Configure OpenID Connector and SCIM

✓

Configure roles

✓

Configure settings

✓

Run query builder with third-party integrations

✓

Custom roles

Cortex gives you the ability to create custom roles with granular permissions so users have the access they need. Learn more in the Custom Roles documentation.

Permissioning in Workflows

  • Configure specific users, teams, or roles who are allowed to run a Workflow

  • Require a user to be an Owner or Editor of an entity in order to run a workflow

Viewing and assigning roles

View roles

Filter the list

  • To filter the list by role, click Filter in the upper right corner of the user list, then select and apply filters.

  • To filter the list by user, click the magnifying glass icon in the upper right corner of the list, then type in a name.

Assign role to a user

To change an existing role or add a role to a user:

  1. Click into the Roles column that user.

  2. To remove a role, click the X within the role name for that user.

Assign role to a team

Team roles allow you to assign the team permissions to a set of users all at once. When you add a new member to a team, Cortex will automatically assign the team role to them.

To set team roles:

  1. Click Add team with custom roles.

  2. In the side panel, select a team and a team role.

  3. At the bottom of the side panel, click Set roles.

Adding and removing Cortex users

Review users

Set a default role for new users

To set a default role for all new users provisioned for your workspace:

  1. Select the desired role.

Add a user

To add a new user to the platform, first direct the user to attempt to log in to your organization's Cortex account. If the user has the appropriate email domain, they will be added automatically upon login.

If the user sees an "access denied" error, this indicates that the user is not authorized to access the app via your SSO tool.

Add a secondary domain

Cloud customers who need to add a secondary email domain should contact help@cortex.io for assistance. This restriction does not apply to self-hosted customers.

Remove a user

To delete a user:

  1. In the list of User permissions, locate the user you need to delete.

  2. Click the trash icon for the user.

  3. In the confirmation modal, click Delete.

When a user is deleted, all data created by the user (such as Scorecards) will remain in Cortex. However, any personal access tokens created by the user will be removed.

If you worked with Cortex to configure domain restriction and users retain access to their identity provider account, such as Okta or Google, these deleted individuals will be able to regain access to Cortex by logging back in to Cortex via SSO. If an individual leaves your organization and is no longer a user in your identity provider, they will not be able to regain access your organization's Cortex account.

Last updated 2 months ago

Was this helpful?

In addition to the granular permissions listed on this page that apply to , it is also possible to:

These configurations are described in more detail in the under "Step 2: Configure your Workflow settings."

In in Cortex, users with the Admin role can view a list of all users in the workspace and their assigned roles. On this page, you can also assign roles and create custom roles.

On the , locate the user in the Users list.

Search for and select the desired role from the dropdown list.

Navigate to , then click the Teams tab.

The teams listed here are populated from your team source (e.g., Okta, GitHub teams, Slack)

At the top of the , you can see the total number of seats, the number of users who have logged in to your instance, the number of users who have only received notifications but have not logged in, and the number of available seats remaining. You can also view this information in the under Workspace settings.

At the top of the , click into the field under "Default roles."

Workflows
Settings > Roles and permissions
Roles and permissions page
Settings > Roles and permissions
Roles and permissions settings page
About page
Roles and permissions settings page
Workflow documentation