Roles
A role is a set of privileges to access resources. These privileges are divided into four types:
- READ: Access to view a list of units or a single unit with its details, including connection data.
- CREATE: Ability to create new units with custom preferences, spending project balance.
- UPDATE: Access to options of existing units. For optimal usage, this should not be used without READ permission.
- DELETE: Ability to permanently and irrevocably remove existing units.
A role can have a unique name and specific rights it grants. Some rights cannot be modified. For example, the ORGANIZATIONS:READ permission is enabled for all users, since any user can preview the list of organizations they are part of.
Every organization comes with several existing unchangeable roles, such as Administrator or Member. These roles cannot be deleted.
Updating a custom role instantly updates the access for all users assigned to that role. Custom roles are not shared between organizations. These roles are available for all projects within a single organization. A role cannot be deleted unless it is unassigned from all users in the projects.
Keep in mind that rights like ROLES:UPDATE may grant users the ability to modify and upgrade their own access.