Skip to main content

Role Based Access Control (RBAC)

AvailableCloud with Teams add-onNot availableSelf-Managed Community (OSS)AvailableSelf-Managed Enterprise

Role Based Access Control allows a user with Administrative access to apply roles to users, granting different levels of permission within an Organization or Workspace.


Self-Managed Enterprise instances have an Instance Admin role in addition to the other roles outlined in this document. The first user who logs on to Airbyte in a Self-Managed Enterprise instance will be assigned this role. This user will have all permissions listed below for all workspaces and all organizations associated with their Enterptise account. To update this assigment, enterprise customers should contact Airbyte support.

Organization Resource Roles

Permissions are scoped to the given Organization for which the user has this role, and any Workspaces within.

Read Organization
  • Read individual organizations
Create Workspace
  • Create new workspace within a specified organization
  • Delete a workspace
Update Organization
  • Modify organization settings, including billing, PbA, SSO
  • Modify user roles within the organization

Workspace Resource Roles

Permissions are scoped to the specific Workspace in which the user has this role.

Read Workspace
  • List the connections in a workspace
  • Read individual connections
  • Read workspace settings (data residency, users, connector versions, notification settings)
Modify Connector Settings
  • Create, modify, delete sources and destinations in a workspace
Update Connection
  • Start/cancel syncs
  • Modify a connection, including name, replication settings, normalization, DBT
  • Delete a connection
  • Create/Update/Delete connector builder connectors
Update Workspace
  • Update workspace settings (data residency, users, connector versions, notification settings)
  • Modify workspace connector versions

Setting Roles

In the UI, navigate to Settings > General to see a list of your Organization or Workspace members. Here, by selecting the role listed under Organization Role or Workspace Role, you can change the assignment.

Note that it is not possible to assign a Workspace member to a role that is more restricted than the role they've been assigned at the Organizational level.

For example, a person who is assigned to be an Organization Admin would automatically have Admin-level permissions in all Workspaces within the Organization and can not be demoted within a Workspace. On the other hand, a person assigned to the Reader role in an Organization could be assigned the Reader, Editor, or Admin role in an individual Workspace.