Skip to main content

Role Based Access Control

Flagsmith provides fine-grained permissions to help larger teams manage access and roles across organisations, projects and environments.

info

The Permissions/Role Based Access features of Flagsmith are not part of the Open Source version. If you want to use these features as part of a self hosted/on premise solution, please get in touch.

Users, Groups, and Roles

Permissions can be assigned to Flagsmith individual users, groups, or roles.

Users

Flagsmith Users can be defined as Organisation Administrators or Users. Organisation Administrator is effectively a super-user role, and gives full read/write access to every Project, Environment, Flag, Remote Config and Segment within that Organisation.

Users that are not Organisation Administrators must have permissions assigned to them manually at the relevant levels.

Groups

Groups are a convenient way to manage permissions for multiple Flagsmith users. Groups can contain any number of Flagsmith users. You can create groups with the Organisation Settings page.

Members of a group can be designated as an admin for that group. As a group admin, users can manage the membership for that group, but not the permissions the group has on other entities.

Roles

A Role is an entity to which you can attach a set of permissions. Permissions can allow privileges at Organization, Project, and Environment levels. You can assign a role, along with its associated permissions, to a User or Group. You will also be able to assign API keys to a Role in future versions.

Creating a Role

You can create a Role in the Organisation Settings page.

Add Permissions to a Role

Once the role is created you can assign the corresponding permissions.

E.g. Add Project permission:

  • Choose a Role.
  • Go to the Projects tab.
  • Select a Project and enable the relevant permissions.

RoleListProject

Assign Role to Users or Groups

After creating the Role, you can assign it to Users or Groups.

E.g. Assign role to a user:

  • Choose a role.
  • Go to the Members tab.
  • Select the Users tab.
  • Click assign role to user button and select a user.

List of assigned users:

RoleListUsers

Permissions

Permissions can be assigned at 3 levels: Organisation, Project, and Environment.

Organisation

PermissionAbility
Create ProjectAllows the user to create Projects in the given Organisation
Manage User GroupsAllows the user to manage the Groups in the Organisation and their members.

Project

PermissionAbility
AdministratorFull Read/Write over all Environments, Feature Flag, Remote Config, Segment and Tag values
View ProjectCan view the Project within their account
Create EnvironmentCan create new Environments within the Project
Create FeatureCan create a new Feature / Remote Config
Delete FeatureCan remove an existing Feature / Remote Config entirely from the Project
Manage SegmentsCan create, delete and edit Segments within the Project
View audit logAllows the user to view the audit logs for this Project.

Environment

PermissionAbility
AdministratorCan modify Feature Flag, Remote Config and Segment values
View EnvironmentCan see the Environment within their account
Update Feature StateUpdate the state or value for a given feature
Manage IdentitiesView and update Identities
Manage Segment OverridesPermission to manage segment overrides in the given environment
Create Change RequestCreating a new Change Request
Approve Change RequestApproving or denying existing Change Requests
View IdentitiesViewing Identities