Custom roles

Overview

In Cortex, there are four default roles: Viewer, User, Manager, and Admin.

While each of these provides access to different Cortex features, you can also create custom roles to give users more granular permissions.

Creating custom roles

How to create a custom role

  1. In Cortex, go to the Roles and permissions settings page.

    1. Click your avatar in the lower left corner, then click Settings.

    2. Under "Authentication and access," click Roles and permissions.

  2. In the upper right corner, click Create custom role.

  3. In the "Create custom role" modal, fill in the basic information:

    • Role name: Enter a name for the role.

    • Identifier: This field is automatically populated based on the role name. It is a unique identifier for the role, made of letters, digits, and hyphens.

    • Description: Optionally, add a description of the role to help others understand its purpose.

    • Settings: Expand each of the Permission sections to view and toggle on/off a permission setting for the role. All permissions are toggled off by default.

  4. Click Create role.

Assign a custom role

You can assign a custom role to a team or user the same way you would assign a default role. See Assign role to a user for instructions.

It is possible to assign multiple roles to an individual user or team. When multiple roles are assigned, the resulting permissions will be the maximum permissions associated with their assigned role(s). For example, if an individual is assigned two roles with distinct set of permissions, all of those permissions will be applied to that user.

Set a custom role as default for new users

For information on creating or deleting users and setting a default role for new users, see Adding and removing Cortex users.

Delete a custom role

To delete a custom role:

  1. On the Roles and permissions settings page, click the User role tab.

  2. Click the trash icon next to a role.

  3. In the confirmation modal, click Delete.

Note that you cannot delete a custom role if it is associated with a plugin.

Available permissions for custom roles

The table below describes the permission options you can add to a custom role.

Category
Permission
Description

Catalogs

Catalogs view

View catalogs and entities

Catalogs

Entity types edit

Create, edit, and delete entity types

Catalogs

Catalogs edit

Create, edit, and delete catalogs

Catalogs

Entities edit

Create, edit, and delete entities

Catalogs

Entities archive

Archive entities

Catalogs

Entities delete

Delete entities

Catalogs

Entity dependency discovery enable

Sync dependencies directly when on the dependency graph feature

Catalogs

Entity verification period configure

Create and edit periods for verifying Cortex entities

Scorecards & Initiatives

Scorecards view

View scorecards

Scorecards & Initiatives

Scorecards edit

Create, edit, and delete scorecards

Scorecards & Initiatives

Scorecards re-evaluation execute

Manually trigger a scorecard's evaluation via the UI

Scorecards & Initiatives

Scorecard exemptions view

View scorecard exemptions

Scorecards & Initiatives

Scorecard exemptions configure

Approve or revoke scorecard exemptions

Scorecards & Initiatives

Initiatives view

View initiatives

Scorecards & Initiatives

Initiatives edit

Create, edit, and delete initiatives

Reporting

Scorecard report view

View scorecard reports

Reporting

CQL report view

Ability to view CQL reports

Reporting

CQL report edit

Create, edit, and delete CQL reports

Eng Intelligence

Eng Intelligence view

View the Eng Intelligence metrics across all teams, users, groups, and entities

Eng Intelligence

Eng Intelligence configure

Configure Eng Intelligence settings

Eng Intelligence

Custom Metrics configure

Create, edit, and delete Eng Intelligence custom metrics

Eng Intelligence

Custom Metric data edit

Create, edit, and delete Eng Intelligence custom metrics data points via API

Workflows

Workflows edit

Create, edit, and delete workflows

Workflows

Workflows view

View workflows

Workflows

Workflow runs view

View workflow runs

Workflows

Workflow runs execute

Ability to run workflow

Plugins

Plugins edit

Create, edit, and delete plugins

Plugins

Plugin proxies edit

Create, edit, and delete plugin proxies

Plugins

Plugin appearance configure

Manage appearance of plugins

Tools

Relationship graph enable

View onboarding management

Tools

Onboarding management view

View onboarding management

Tools

Onboarding management enable

Trigger onboarding management notifications

Tools

Discovery audit events configure

Ignore or import entities found in the discovery audit tool

Tools

Scaffolder templates configure

Create, edit, and delete Scaffolder templates

Tools

Scaffolder execute

Run the Scaffolder

Tools

Query builder (basic) enable

Access to query builder tool that allows CQL queries to be created and run adhoc

Tools

Query builder (with 3rd party integrations) enable

Access to query builder tool that allows CQL queries to be created and run adhoc, including queries of 3rd party integration data

Notifications

Workspace notification settings configure

Enable or disable workspace notification settings

Notifications

Notification logs view

View notification logs

Notifications

Notification logs execute

Resend a notification

Settings

Settings configure

Edit workspace settings, identity mappings, and integration configurations

Settings

Appearance settings configure

Edit workspace appearance settings, including logo upload, plugin placement throughout the app, entity overview tabs and navigation order, and catalog sort order

Settings

IP allowlist configure

Configure restriction for Cortex app and public API access to specified IPs

Settings

GitOps logs view

View GitOps logs

Settings

OpenID Connector & SCIM configure

Manage OpenID application details and SCIM for Auth0, Azure, Google, and Okta

Settings

Roles view

View workspace role definitions and user role assignments

Settings

Roles configure

Manage workspace role definitions and user role assignments

Settings

Breaking API changes view

View breaking API changes

Settings

Create API keys edit

Create, edit, and delete Cortex API keys

Settings

Identity mappings configure

Review how team members defined in the team catalog are matched to external accounts (e.g. GitHub, Jira, PagerDuty, ClickUp, or Slack).

Settings

Integrations configure

Install, uninstall, and configure integrations

Access Management

Create secrets edit

Create, edit, and delete secret keys used in plugin proxies, secure access to 3rd party APIs, etc

Access Management

Audit logs view

View audit logs

Last updated

Was this helpful?