Permissions Reference

Control access with roles and permissions

This guide provides a comprehensive reference for the permissions system in Aperture. It outlines all available permissions, the default roles, and which actions each permission allows.

Permissions by Domain

Aperture uses a permission-based system to control access to different features and functionality. Each domain groups related permissions and the resources they control.

Accounts Domain

Manages organization members, teams, and invitations.

Permission | Description
manage_members | Full control over organization members, teams, and team members
invite_members | Ability to invite new users to the organization

App Domain

Manages web and native applications.

Permission | Description
manage_apps | Full control over web and native applications
read_apps | Read-only access to applications

Publishing Domain

Manages deployments, builds, and deployment timelines.

Permission | Description
manage_deployments | Control over deployment, builds, and deployment timeline

Access Control Domain

Manages roles, permissions, and access control.

Permission | Description
manage_roles | Control over role creation and assignment

Organization Domain

Manages organization-level settings and billing.

Permission | Description
manage_org | Control over organization settings and configuration
manage_billing | Control over organization billing and payment information

Security & Monitoring Domain

Manages logs, analytics, API keys, and secrets.

Permission | Description
view_audit_logs | Access to view audit logs and history
view_analytics | Access to view application analytics
manage_api_keys | Control over API keys for the organization
manage_secrets | Control over application secrets and environment variables

Default Roles

The system comes with three default roles that are created for each organization. The table below shows which permissions are included in each role:

Permission | Member | Admin | Owner
manage_members | Full control over organization members, teams, and team members
invite_members | Ability to invite new users to the organization
manage_apps | Full control over web and native applications
read_apps | Read-only access to applications
manage_deployments | Control over deployment, builds, and deployment timeline
view_audit_logs | Access to view audit logs and history
view_analytics | Access to view application analytics
manage_roles | Control over role creation and assignment
manage_api_keys | Control over API keys for the organization
manage_secrets | Control over application secrets and environment variables
manage_org | Control over organization settings and configuration
manage_billing | Control over organization billing and payment information

Best Practices

  1. Follow the Principle of Least Privilege: Grant users only the permissions they need to perform their tasks, reducing security risks.

  2. Use Custom Roles: Create custom roles with specific permission sets for specialized user types and functions.

  3. Audit Regularly: Regularly review which users have which permissions and adjust as roles change or team members leave.

  4. Separate Responsibilities: Different roles should have different responsibilities to maintain security and accountability.
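The following is an added illustration, not Aperture's own code, of how the best practices above can be applied to the permission names in this reference: a custom least-privilege role is validated against the known permission set, a user's effective permissions are the union of their roles, and an audit pass lists who holds the high-impact permissions. The role contents, user assignments and the SENSITIVE set are constructed assumptions for the example.

```python
"""Toy RBAC model built from the Aperture permission names on this page.

Role contents, user assignments and SENSITIVE are constructed assumptions
for illustration; they are not Aperture's real defaults.
"""
from dataclasses import dataclass, field

PERMISSIONS_BY_DOMAIN = {
    "accounts": {"manage_members", "invite_members"},
    "app": {"manage_apps", "read_apps"},
    "publishing": {"manage_deployments"},
    "access_control": {"manage_roles"},
    "organization": {"manage_org", "manage_billing"},
    "security_monitoring": {"view_audit_logs", "view_analytics",
                            "manage_api_keys", "manage_secrets"},
}
ALL_PERMISSIONS = set().union(*PERMISSIONS_BY_DOMAIN.values())

# Assumed high-impact permissions worth reviewing regularly (practices 3 and 4).
SENSITIVE = {"manage_roles", "manage_secrets", "manage_api_keys",
             "manage_org", "manage_billing"}


def unknown_permissions(perms):
    """Permissions that are not in the reference; a typo here would silently grant nothing."""
    return set(perms) - ALL_PERMISSIONS


@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)

    def __post_init__(self):
        unknown = unknown_permissions(self.permissions)
        if unknown:  # fail closed: reject roles referencing unknown permissions
            raise ValueError(f"{self.name}: unknown permissions {sorted(unknown)}")


def effective_permissions(roles):
    """Union of permissions across all of a user's roles."""
    return set().union(*(r.permissions for r in roles)) if roles else set()


def can(roles, permission):
    return permission in effective_permissions(roles)


def audit(members):
    """members: {user: [Role, ...]} -> {user: sorted sensitive permissions held}."""
    held = {u: effective_permissions(rs) & SENSITIVE for u, rs in members.items()}
    return {u: sorted(p) for u, p in held.items() if p}


# Constructed custom role: a release engineer needs to ship, not to manage secrets.
DEPLOYER = Role("deployer", {"read_apps", "manage_deployments", "view_analytics"})
```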

Security Considerations