Roles and permissions
Overview
Users and teams in Cortex can be assigned to a role which permits or limits the ability to perform specific actions within Cortex. These actions range from creating API keys and adding integrations to editing Scorecards and creating entities. Roles allow you to ensure that only authorized individuals can make high-level changes to your workspace. You can use the default roles or you can create custom roles.
If a user is assigned to more than one role, they will retain the permissions of the least restricted assigned role. For example, if a user is assigned a Manager role and they are a member of a team assigned the Admin role, then they will have admin permissions throughout Cortex. Using custom roles may introduce other permissions that supersede default roles.
If a user does not have permission to perform an action, the option will not appear for them.
Roles in Cortex
Default roles
When you first access your Cortex account, the following roles are available by default:
Admins: Admins are the owners of the workspace. They have global access to everything within Cortex: settings, Scorecards, and entities.
Managers: Managers have most of the same abilities as admins, but cannot modify permissions or other settings. Managers can create and edit Scorecards, entities, and teams.
Users: Users cannot modify settings, nor can they edit or create Scorecards. Users can edit and create entities and teams.
Viewers: Viewers cannot create or edit anything within the workspace. This is a read-only role.
View CQL reports
✓
✓
✓
✓
View initiatives
✓
✓
✓
✓
View onboarding management
✓
✓
✓
✓
View Scorecards
✓
✓
✓
✓
View catalogs
✓
✓
✓
✓
Edit and create entities
✓
✓
✓
Archive and delete entities
✓
✓
✓
Edit and create entity types
✓
✓
✓
Edit CQL reports
✓
✓
✓
Edit initiatives
✓
✓
✓
Configure Scaffolder templates
✓
✓
✓
Run the Scaffolder
✓
✓
✓
Run query builder
✓
✓
✓
View GitOps logs
✓
✓
✓
View Workflows
✓
✓
✓
View Workflow runs
✓
✓
✓
Execute Workflow runs
✓
✓
✓
View Scorecard exemptions
✓
✓
✓
View Eng Intelligence
✓
✓
Configure Eng Intelligence custom metrics
✓
✓
Configure Eng Intelligence
✓
✓
Configure identity mappings
✓
✓
Edit and create Scorecards
✓
✓
Edit, create, and delete catalogs
✓
✓
Edit Eng Intelligence custom metric data
✓
✓
Edit Workflows
✓
✓
Run re-evaluation of Scorecards
✓
✓
View audit logs
✓
View breaking API changes
✓
View notification logs
✓
View roles
✓
Configure appearance
✓
Configure catalog
✓
Configure custom metrics
✓
Configure discovery audit events
✓
Configure entity verification periods
✓
Configure integrations
✓
Configure notifications
✓
Configure plugin appearance
✓
Configure Scorecard exemptions
✓
Edit, create, and delete API keys
✓
Edit CQL reports
✓
Edit custom metric data
✓
Edit initiatives
✓
Edit plugins
✓
Edit plugin proxies
✓
Edit, create, and delete secrets
✓
Enable entity dependency discovery
✓
Enable onboarding management
✓
Execute notification logs
✓
Configure IP allowlist
✓
Configure OpenID Connector and SCIM
✓
Configure roles
✓
Configure settings
✓
Run query builder with third-party integrations
✓
Custom roles
Cortex gives you the ability to create custom roles with granular permissions so users have the access they need. Learn more in the Custom Roles documentation.
Permissioning in Workflows
Configure specific users, teams, or roles who are allowed to run a Workflow
Require a user to be an Owner or Editor of an entity in order to run a workflow
Viewing and assigning roles
View roles
Filter the list
To filter the list by role, click Filter in the upper right corner of the user list, then select and apply filters.
To filter the list by user, click the magnifying glass icon in the upper right corner of the list, then type in a name.
Assign role to a user
To change an existing role or add a role to a user:
Click into the Roles column that user.
To remove a role, click the X within the role name for that user.
Assign role to a team
Team roles allow you to assign the team permissions to a set of users all at once. When you add a new member to a team, Cortex will automatically assign the team role to them.
To set team roles:
Click Add team with custom roles.
In the side panel, select a team and a team role.
At the bottom of the side panel, click Set roles.
Adding and removing Cortex users
Review users
Set a default role for new users
To set a default role for all new users provisioned for your workspace:
Select the desired role.
Add a user
To add a new user to the platform, first direct the user to attempt to log in to your organization's Cortex account. If the user has the appropriate email domain, they will be added automatically upon login.
If the user sees an "access denied" error, this indicates that the user is not authorized to access the app via your SSO tool.
Add a secondary domain
Cloud customers who need to add a secondary email domain should contact help@cortex.io for assistance. This restriction does not apply to self-hosted customers.
Remove a user
To delete a user:
In the list of User permissions, locate the user you need to delete.
Click the trash icon for the user.
In the confirmation modal, click Delete.
When a user is deleted, all data created by the user (such as Scorecards) will remain in Cortex. However, any personal access tokens created by the user will be removed.
If you worked with Cortex to configure domain restriction and users retain access to their identity provider account, such as Okta or Google, these deleted individuals will be able to regain access to Cortex by logging back in to Cortex via SSO. If an individual leaves your organization and is no longer a user in your identity provider, they will not be able to regain access your organization's Cortex account.
Last updated
Was this helpful?
