You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: en/includes/references/user-management/user-roles.md
+171-2Lines changed: 171 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -101,6 +101,12 @@ The permissions associated with each role are outlined below. Resources not expl
101
101
<td>️✔</td>
102
102
<td>️</td>
103
103
</tr>
104
+
<tr>
105
+
<td>User Management</td>
106
+
<td>Role Assignments</td>
107
+
<td>️✔</td>
108
+
<td>️</td>
109
+
</tr>
104
110
<tr>
105
111
<td>User Attributes & Stores</td>
106
112
<td>Attributes</td>
@@ -145,7 +151,6 @@ The permissions associated with each role are outlined below. Resources not expl
145
151
</tr>
146
152
</table>
147
153
148
-
149
154
??? example "Viewer - Applications"
150
155
151
156
<table>
@@ -268,9 +273,14 @@ The permissions associated with each role are outlined below. Resources not expl
268
273
<td>️✔</td>
269
274
<td>️</td>
270
275
</tr>
276
+
<tr>
277
+
<td>User Management</td>
278
+
<td>Role Assignments</td>
279
+
<td>️✔</td>
280
+
<td>️</td>
281
+
</tr>
271
282
</table>
272
283
273
-
274
284
??? example "Viewer - Users"
275
285
276
286
<table>
@@ -323,6 +333,159 @@ The permissions associated with each role are outlined below. Resources not expl
323
333
</tr>
324
334
</table>
325
335
336
+
## ⚠️ Upcoming change to Console role permissions
337
+
338
+
Effective **October 2, 2025 at 00:00 UTC**, permissions of the **Editor - Users** and **Editor - Applications** will change as follows:
339
+
340
+
-**Editor - Users**: No longer able to edit role metadata or change permissions.
341
+
-**Editor - Applications**: No longer able to assign roles to users or groups.
342
+
343
+
This change ensures that roles follow the principle of least privilege, granting only the permissions necessary to perform their tasks.
344
+
345
+
In line with the updated permissions,
346
+
347
+
- Make sure to assign tasks only to users who have the necessary permissions.
348
+
349
+
- If a user affected by this change needs the lost permissions, you can assign a different role to that user. When doing so, carefully review all permissions in that role before making the assignment.
350
+
351
+
The updated permissions will be as follows.
352
+
353
+
??? example "Editor - Applications"
354
+
355
+
<table>
356
+
<tr>
357
+
<th>Resources</th>
358
+
<th>Sub-section</th>
359
+
<th>Read/Write access</th>
360
+
<th>Read access only</th>
361
+
</tr>
362
+
<tr>
363
+
<td>Applications</td>
364
+
<td>️</td>
365
+
<td>✔</td>
366
+
<td>️</td>
367
+
</tr>
368
+
<tr>
369
+
<td>Connections</td>
370
+
<td>️</td>
371
+
<td>️</td>
372
+
<td>✔</td>
373
+
</tr>
374
+
<tr>
375
+
<td>API Resources</td>
376
+
<td>️</td>
377
+
<td>✔</td>
378
+
<td></td>
379
+
</tr>
380
+
<tr>
381
+
<td>Branding</td>
382
+
<td>️</td>
383
+
<td>✔</td>
384
+
<td>️</td>
385
+
</tr>
386
+
<tr>
387
+
<td>User Management</td>
388
+
<td>Users️</td>
389
+
<td>️</td>
390
+
<td>✔</td>
391
+
</tr>
392
+
<tr>
393
+
<td>User Management</td>
394
+
<td>Groups️</td>
395
+
<td>️</td>
396
+
<td>✔</td>
397
+
</tr>
398
+
<tr>
399
+
<td><b>User Management</b></td>
400
+
<td><b>Roles</b></td>
401
+
<td>️</td>
402
+
<td>️✔</td>
403
+
</tr>
404
+
<tr>
405
+
<td><b>User Management</b></td>
406
+
<td><b>Role Assignments</b></td>
407
+
<td>️✔</td>
408
+
<td>️</td>
409
+
</tr>
410
+
<tr>
411
+
<td>User Attributes & Stores</td>
412
+
<td>Attributes</td>
413
+
<td>️</td>
414
+
<td>️✔</td>
415
+
</tr>
416
+
<tr>
417
+
<td>User Attributes & Stores</td>
418
+
<td>Attributes > Scopes </td>
419
+
<td>️️✔</td>
420
+
<td></td>
421
+
</tr>
422
+
<tr>
423
+
<td>Organizations</td>
424
+
<td>️</td>
425
+
<td>️</td>
426
+
<td>✔</td>
427
+
</tr>
428
+
<tr>
429
+
<td>Login & Registration</td>
430
+
<td>️</td>
431
+
<td>️✔</td>
432
+
<td>️</td>
433
+
</tr>
434
+
<tr>
435
+
<td>Actions</td>
436
+
<td>️</td>
437
+
<td>️✔</td>
438
+
<td>️</td>
439
+
</tr>
440
+
<tr>
441
+
<td>Events</td>
442
+
<td>️</td>
443
+
<td>️✔</td>
444
+
<td>️</td>
445
+
</tr>
446
+
<tr>
447
+
<td>Logs</td>
448
+
<td>️Diagnostic logs</td>
449
+
<td></td>
450
+
<td>️✔</td>
451
+
</tr>
452
+
</table>
453
+
454
+
??? example "Editor - Users"
455
+
456
+
<table>
457
+
<tr>
458
+
<th>Resources</th>
459
+
<th>Sub-section</th>
460
+
<th>Read/Write access</th>
461
+
<th>Read access only</th>
462
+
</tr>
463
+
<tr>
464
+
<td>User Management</td>
465
+
<td>Users️</td>
466
+
<td>️✔</td>
467
+
<td>️</td>
468
+
</tr>
469
+
<tr>
470
+
<td>User Management</td>
471
+
<td>Groups️</td>
472
+
<td>✔</td>
473
+
<td>️</td>
474
+
</tr>
475
+
<tr>
476
+
<td><b>User Management</b></td>
477
+
<td><b>Roles</b></td>
478
+
<td>️✔</td>
479
+
<td>️</td>
480
+
</tr>
481
+
<tr>
482
+
<td><b>User Management</b></td>
483
+
<td><b>Role Assignments</b></td>
484
+
<td>️</td>
485
+
<td>️✔</td>
486
+
</tr>
487
+
</table>
488
+
326
489
{% else %}
327
490
328
491
# {{ product_name }} user roles
@@ -344,6 +507,7 @@ The following tables list the permissions enabled for roles in the organization.
344
507
The following list contains the permissions enabled for an {{ admin_role_name }}:
345
508
346
509
## User management
510
+
347
511
- View users
348
512
- Onboard users
349
513
- Update user profiles
@@ -361,25 +525,29 @@ The following list contains the permissions enabled for an {{ admin_role_name }}
361
525
- Assign groups to roles
362
526
363
527
## Application management
528
+
364
529
- View apps and app settings
365
530
- Register apps
366
531
- Update and delete apps
367
532
- Update Sign-in methods
368
533
- Update protocol settings
369
534
370
535
## Connections management
536
+
371
537
- View connections and connection settings
372
538
- Create new connection
373
539
- Update and delete connections
374
540
375
541
## Organization management
542
+
376
543
- Create new organizations
377
544
- View all the organizations created
378
545
- As the organization creator, update and delete organizations that you created
379
546
- Switch to the organizations that you created
380
547
- Share applications from the organization (root) to its organizations
381
548
382
549
## Managing attributes and scopes
550
+
383
551
- View attributes
384
552
- Create new attributes
385
553
- Update and delete attributes
@@ -388,6 +556,7 @@ The following list contains the permissions enabled for an {{ admin_role_name }}
0 commit comments