LogoLogo
Login to CortexBook a DemoCortex Academycortex.io
  • Cortex Docs
  • Cortex Quick Start
  • Ingesting data into Cortex
    • Managing Entities
      • Adding entities
        • Add services
        • Add domains
        • Add teams
        • Add custom entity types
        • Defining dependencies
      • Entity details page
      • Defining ownership
      • Defining relationship types
      • Grouping entities
      • Adding external documentation
      • Adding Deploy data
      • Adding custom data
      • Viewing discovered entities
      • Archiving entities
      • Relationship graph
      • Using On-call Assistant for incidents
      • Managing Terraform infra in Cortex
    • Managing Catalogs
    • Integrations
      • Internally hosted integrations
      • ArgoCD
      • AWS
      • Azure DevOps
      • Azure Resources
      • BambooHR
      • Bitbucket
      • BugSnag
      • Buildkite
      • Checkmarx
      • CircleCI
      • ClickUp
      • Codecov
      • Coralogix
      • Custom webhook integrations
      • Datadog
      • Dynatrace
      • Entra ID (Azure AD)
      • FireHydrant
      • GitHub
      • GitLab
      • Google
      • Grafana
      • incident.io
      • Instana
      • Jenkins
      • Jira
      • Kubernetes
      • LaunchDarkly
      • Lightstep
      • Mend
      • Microsoft Teams
      • New Relic
      • Okta
      • Opsgenie
      • PagerDuty
      • Prometheus
      • Rollbar
      • Rootly
      • Sentry
      • ServiceNow
      • Slack
      • Snyk
      • SonarQube
      • Splunk Observability Cloud (SignalFx)
      • Splunk On-Call (VictorOps)
      • Sumo Logic
      • Veracode
      • Wiz
      • Workday
      • xMatters
  • Scorecards
    • Initiatives and Action items
      • Creating issues based on Initiatives
    • Scorecard rule exemptions
    • Scorecard rule filters
    • Scorecard examples
    • Scorecards as code
  • Reports
    • Executive report
    • All Scorecards report
    • Bird's eye report
    • Progress report
    • Report card
  • Eng Intelligence
    • Custom Metrics
    • Jira Metrics
    • Metrics Explorer (Beta)
  • Cortex Query Language (CQL)
    • Using CQL reports
    • Using JQ in Cortex
  • Workflows
    • Creating a Workflow
      • Workflows as code
    • Blocks
    • Running a Workflow
    • Registering a Scaffolder template
      • Scaffolder advanced usage
    • Using a Workflow to sync in ArgoCD
    • Kicking off a Jenkins pipeline in a Workflow
    • Calling internal service endpoints in a Workflow
  • Plugins
    • Creating a plugin
      • Creating a plugin proxy
    • Migrating Backstage plugins to Cortex
  • Engineering homepage
  • Workspace Settings
    • Using GitOps for Cortex
      • GitOps logs
    • Managing users
      • Roles and permissions
        • Custom roles
        • Team ownership entity editing
      • Configuring SSO
        • Microsoft Entra ID
        • Google
        • Other OIDC providers
        • Okta
          • Okta SCIM
      • Configuring identity mappings
      • Onboarding management
    • API keys, secrets, and tokens
      • Secrets
      • Personal tokens
    • Audit logs
    • Entity settings
      • Data verification
      • Auto archiving entities
    • IP allowlist
    • Notifications
      • Notification logs
    • Customizing your workspace
    • Using search in Cortex
  • Cortex API
    • REST API operations
      • API Keys
      • Audit Logs
      • Catalog Entities
      • Custom Data
        • Custom Data (Advanced)
      • Custom Events
      • Custom Metrics
      • Dependencies
      • Deploys
      • Discovery Audit
      • Docs
      • Eng Intel: User Labels
      • Entity Relationship Types (Beta)
      • Entity Relationships (Beta)
      • Entity Types
      • GitOps Logs
      • Groups
      • Initiatives
      • Integrations APIs
        • Azure Active Directory (Entra ID) API
        • Azure Resources API
        • AWS API
        • Azure DevOps API
        • CircleCI API
        • Coralogix API
        • Datadog API
        • GitHub API
        • GitLab API
        • incident.io API
        • LaunchDarkly API
        • New Relic API
        • PagerDuty API
        • Prometheus API
        • SonarQube API
      • IP Allowlist
      • Notification Logs
      • On call
      • Packages
      • Plugins
      • Queries
      • SCIM
      • Scorecards
      • Secrets
      • Team Hierarchies
      • Teams
      • Workflows
Powered by GitBook
On this page
  • Overview
  • Creating custom roles
  • How to create a custom role
  • Assign a custom role
  • Set a custom role as default for new users
  • Delete a custom role
  • Available permissions for custom roles

Was this helpful?

Export as PDF
  1. Workspace Settings
  2. Managing users
  3. Roles and permissions

Custom roles

Last updated 2 months ago

Was this helpful?

Overview

In Cortex, there are : Viewer, User, Manager, and Admin.

While each of these provides access to different Cortex features, you can also create custom roles to give users more granular permissions.

Creating custom roles

How to create a custom role

  1. In Cortex, go to the .

    1. Click your avatar in the lower left corner, then click Settings.

    2. Under "Authentication and access," click Roles and permissions.

  2. In the upper right corner, click Create custom role.

  3. In the "Create custom role" modal, fill in the basic information:

    • Role name: Enter a name for the role.

    • Identifier: This field is automatically populated based on the role name. It is a unique identifier for the role, made of letters, digits, and hyphens.

    • Description: Optionally, add a description of the role to help others understand its purpose.

    • Settings: Expand each of the Permission sections to view and toggle on/off a permission setting for the role. All permissions are toggled off by default.

  4. Click Create role.

Assign a custom role

It is possible to assign multiple roles to an individual user or team. When multiple roles are assigned, the resulting permissions will be the maximum permissions associated with their assigned role(s). For example, if an individual is assigned two roles with distinct set of permissions, all of those permissions will be applied to that user.

Set a custom role as default for new users

Delete a custom role

To delete a custom role:

  1. In the confirmation modal, click Delete.

Available permissions for custom roles

The table below describes the permission options you can add to a custom role.

Category
Permission
Description

Catalogs

Catalogs view

View catalogs and entities

Catalogs

Entity types edit

Create, edit, and delete entity types

Catalogs

Catalogs edit

Create, edit, and delete catalogs

Catalogs

Entities edit

Create, edit, and delete entities

Catalogs

Entities archive

Archive entities

Catalogs

Entities delete

Delete entities

Catalogs

Entity dependency discovery enable

Sync dependencies directly when on the dependency graph feature

Catalogs

Entity verification period configure

Create and edit periods for verifying Cortex entities

Scorecards & Initiatives

Scorecards view

View scorecards

Scorecards & Initiatives

Scorecards edit

Create, edit, and delete scorecards

Scorecards & Initiatives

Scorecards re-evaluation execute

Manually trigger a scorecard's evaluation via the UI

Scorecards & Initiatives

Scorecard exemptions view

View scorecard exemptions

Scorecards & Initiatives

Scorecard exemptions configure

Approve or revoke scorecard exemptions

Scorecards & Initiatives

Initiatives view

View initiatives

Scorecards & Initiatives

Initiatives edit

Create, edit, and delete initiatives

Reporting

Scorecard report view

View scorecard reports

Reporting

CQL report view

Ability to view CQL reports

Reporting

CQL report edit

Create, edit, and delete CQL reports

Eng Intelligence

Eng Intelligence view

View the Eng Intelligence metrics across all teams, users, groups, and entities

Eng Intelligence

Eng Intelligence configure

Configure Eng Intelligence settings

Eng Intelligence

Custom Metrics configure

Create, edit, and delete Eng Intelligence custom metrics

Eng Intelligence

Custom Metric data edit

Create, edit, and delete Eng Intelligence custom metrics data points via API

Workflows

Workflows edit

Create, edit, and delete workflows

Workflows

Workflows view

View workflows

Workflows

Workflow runs view

View workflow runs

Workflows

Workflow runs execute

Ability to run workflow

Plugins

Plugins edit

Create, edit, and delete plugins

Plugins

Plugin proxies edit

Create, edit, and delete plugin proxies

Plugins

Plugin appearance configure

Manage appearance of plugins

Tools

Relationship graph enable

View onboarding management

Tools

Onboarding management view

View onboarding management

Tools

Onboarding management enable

Trigger onboarding management notifications

Tools

Discovery audit events configure

Ignore or import entities found in the discovery audit tool

Tools

Scaffolder templates configure

Create, edit, and delete Scaffolder templates

Tools

Scaffolder execute

Run the Scaffolder

Tools

Query builder (basic) enable

Access to query builder tool that allows CQL queries to be created and run adhoc

Tools

Query builder (with 3rd party integrations) enable

Access to query builder tool that allows CQL queries to be created and run adhoc, including queries of 3rd party integration data

Notifications

Workspace notification settings configure

Enable or disable workspace notification settings

Notifications

Notification logs view

View notification logs

Notifications

Notification logs execute

Resend a notification

Settings

Settings configure

Edit workspace settings, identity mappings, and integration configurations

Settings

Appearance settings configure

Edit workspace appearance settings, including logo upload, plugin placement throughout the app, entity overview tabs and navigation order, and catalog sort order

Settings

IP allowlist configure

Configure restriction for Cortex app and public API access to specified IPs

Settings

GitOps logs view

View GitOps logs

Settings

OpenID Connector & SCIM configure

Manage OpenID application details and SCIM for Auth0, Azure, Google, and Okta

Settings

Roles view

View workspace role definitions and user role assignments

Settings

Roles configure

Manage workspace role definitions and user role assignments

Settings

Breaking API changes view

View breaking API changes

Settings

Create API keys edit

Create, edit, and delete Cortex API keys

Settings

Identity mappings configure

Review how team members defined in the team catalog are matched to external accounts (e.g. GitHub, Jira, PagerDuty, ClickUp, or Slack).

Settings

Integrations configure

Install, uninstall, and configure integrations

Access Management

Create secrets edit

Create, edit, and delete secret keys used in plugin proxies, secure access to 3rd party APIs, etc

Access Management

Audit logs view

View audit logs

You can assign a custom role to a team or user the same way you would assign a default role. See for instructions.

For information on creating or deleting users and setting a default role for new users, see .

On the , click the User role tab.

Click the trash icon next to a role.

Note that you cannot delete a custom role if it is associated with a .

Roles and permissions settings page
plugin
Roles and permissions settings page
Assign role to a user
Adding and removing Cortex users
four default roles