Configure fine-grained admin permissions
Use role-based access control for granular control and delegation of admin permissions.
| Roles and Permissions Availability | |||
|---|---|---|---|
| Cloud | Public beta | ||
| Self-hosted Edge 3.256 or later | Public beta | ||
| Self-hosted Stable 3.253 or later | Public beta | ||
The Roles and Permissions feature enables the use of role-based access control for settings that would normally be available only to admins. This offers greater flexibility than permission groups and is useful for organizations who want to delegate access of certain settings to non-admin users without the need to grant full admin privileges.
For example, a Design team may need access to an organization's branding settings so they can manage the branding styles. Rather than give every member of the Design team full admin access, the organization can create a role with Manage branding permission and apply it to the Design team's group. The Design team is then able to configure the organization's branding settings while still be restricted from making changes to any other organization settings.
Role-based permissions offer much greater access control than permission groups. Once you configure the necessary roles to control access, you can apply them to any number of groups. Retool will eventually transition to role-based access controls as a permissions management method.
To enable this feature, an admin must navigate to Settings > Beta and enable Permissions v2.
Only organization admins can configure roles and their permissions.
Create a role with the required admin permissions
Create roles that have only the minimum admin permissions needed. You can create and assign multiple roles to groups so that members receive a combination of their permissions.
A role contains a set of admin permissions that grant access to specific organization settings, such as Manage Spaces. Create each role and select which permissions are applicable. Once completed, select the groups to which the role applies. Each user within the group then inherits the role permissions.
To get started, sign in to your Retool organization and navigate to Settings > Roles & Permissions. Then, click Create Role to create a new custom role.
You define the name and description for each role, and select which permissions to set. You can search through permissions or filter them by type, such as User management and Configuration. Each permission controls access to a specific settings page within your organization. For example, enabling the Manage branding permission allows access to the Manage branding settings page.
Toggle the permissions that should apply to the role. The Permissions preview pane displays a summary of the role's permissions as you make changes.
Click Save changes once you complete the changes to your role. You can return to the role at any time to make further change, if needed.
Assign the role to groups
You can assign roles to groups from either the Roles & Permissions or Groups page.
- Assign roles to a group
- Assign groups to a role
The Assignment tab contains a list of groups to which the role is assigned. Click + Add group assignment to select which groups are assigned the role. You can also click > to expand a group and view a complete list of its members.
The Groups settings page is where you manage all groups for your organization. To change roles for a group, select the group and click Modify role assignments.