Fine-grained RBAC with custom project roles

Role-based access control (RBAC) is vital security measure in many organizations. Restricting access and permissions based on a user’s role is both intuitive and powerful. When Unleash introduced RBAC in version 4, we gave you the power to control users’ access to global and to project-specific resources. Now, with Unleash 4.6, we’re giving Enterprise customers more power and more control with the new custom project roles feature.

Access a new level of access control

Two groups of checkboxes, one labeled 'project permissions', the other 'environment permissions'

With the previous system, Unleash only had two project roles: owner and member. A project owner has full control over the project. The owner can manage users and feature flags, and can archive or delete the project. A project member can create, update, and archive feature flags, but can not manage users or archive and delete the project.

However, we know that this is too coarse for certain use cases. In particular, native environment support (released in version 4.3) brings with it some new challenges. Custom project roles help you solve these!

Custom project roles have two levels of permissions: project and environments.

On the project-level, you’ll be able to say whether a user with the role can create, update, or archive feature flags and variants, and whether they can move the flag to a different project. You can also decide whether they can update or delete the project itself. Each of these actions (create flags, update flags, delete the project, etc.) is a separate permission.

On the environment-level, you can specify whether a user with the role can assign, update, and delete feature flag strategies, and whether they can enable and disable feature flags in that specific environment. Again, these are all separate permissions, so you can tune this as finely as you want.

Head on over to the new documentation for custom project roles to learn more about how it works and check the how-to guide for creating and assigning custom project roles when you’re ready to get started.

In summary

This is a major step forward in terms of giving you the tools you need to manage access within your organization. The ability to finely tune roles and project permissions will give you more control and more flexibility. We hope that it will serve you well.

Want to get started?


Share this article