Roles & Permissions (RBAC)
Pulsimo uses Role-Based Access Control (RBAC) to manage user permissions at both organization and project levels.
Key Concepts
- Role: Collection of permissions (Owner, Admin, Member, Viewer)
- Permission: Specific action a user can perform
- Scope: Where the role applies (Organization or Project)
Role Hierarchy
Organization Level
Project Level
Role Definitions
Owner 👑
Full administrative control over the organization.
Permissions:
- ✅ All organization permissions
- ✅ All project permissions
- ✅ Manage billing
- ✅ Delete organization
- ✅ Transfer ownership
Typical Use:
CEO, CTO, Founder - Only 1-2 per organization
Admin 🛡️
Manages the organization and users, but cannot delete the organization or manage billing.
Permissions:
- ✅ Invite/remove users
- ✅ Manage roles
- ✅ Create/delete projects
- ✅ Manage all endpoints
- ✅ Manage alert policies
Typical Use:
DevOps Lead, Infrastructure Manager
Member 👤
Creates and manages their own resources within assigned projects.
Permissions:
- ✅ Create projects
- ✅ Add/edit/delete endpoints
- ✅ Acknowledge incidents
- ✅ View all organization data
- ❌ Cannot manage users
Typical Use:
Engineers, Developers, SREs
Viewer 👁️
Read-only access to organization data.
Permissions:
- ✅ View dashboards
- ✅ View incidents
- ✅ View performance metrics
- ❌ Cannot create or modify anything
Typical Use:
Stakeholders, Management, External Auditors
Permission Matrix
Complete permissions by role:
| Permission | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| Manage organization | ✓ | ✗ | ✗ | ✗ |
| Invite/remove users | ✓ | ✓ | ✗ | ✗ |
| Create projects | ✓ | ✓ | ✓ | ✗ |
| Create/edit endpoints | ✓ | ✓ | ✓ | ✗ |
| View dashboards | ✓ | ✓ | ✓ | ✓ |
Best Practices
🎯 Principle of Least Privilege: Grant users the minimum permissions needed for their role.
👥 Limit Owners: Only 1-2 Owner accounts per organization to reduce security risk.
🔄 Regular Reviews: Audit user permissions quarterly and remove access for inactive users.
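The three practices above can be checked mechanically during a quarterly review. The following is an added example, not Pulsimo code: it uses the permission matrix from this page, while the export format, its field names (`user`, `role`, `last_active`, `used`) and the 90-day inactivity threshold are assumptions.

```python
from datetime import date, timedelta

# Permission matrix copied from the table on this page.
MATRIX = {
    "Manage organization": {"Owner"},
    "Invite/remove users": {"Owner", "Admin"},
    "Create projects": {"Owner", "Admin", "Member"},
    "Create/edit endpoints": {"Owner", "Admin", "Member"},
    "View dashboards": {"Owner", "Admin", "Member", "Viewer"},
}
ROLES = ["Viewer", "Member", "Admin", "Owner"]  # least to most privileged
MAX_OWNERS = 2      # page: "Only 1-2 Owner accounts per organization"
INACTIVE_DAYS = 90  # assumption: one quarterly review cycle


def minimal_role(used):
    """Lowest role whose matrix column covers every permission in `used`."""
    for role in ROLES:
        if all(role in MATRIX[p] for p in used):
            return role
    raise ValueError(f"no single role grants {sorted(used)}")


def audit(members, today):
    """Return (user, finding) review candidates for a membership export."""
    findings = []
    owners = [m for m in members if m["role"] == "Owner"]
    if len(owners) > MAX_OWNERS:
        findings.append(("*", f"{len(owners)} Owners, limit is {MAX_OWNERS}"))
    for m in members:
        if today - m["last_active"] > timedelta(days=INACTIVE_DAYS):
            findings.append((m["user"], "inactive: remove access"))
        elif ROLES.index(minimal_role(m["used"])) < ROLES.index(m["role"]):
            findings.append((m["user"], f"{m['role']} -> {minimal_role(m['used'])}"))
    return findings

# Constructed sample export; field names are hypothetical, not a Pulsimo format.
TODAY = date(2024, 6, 10)
SAMPLE = [
    {"user": "ana", "role": "Owner", "last_active": date(2024, 6, 1), "used": {"Manage organization"}},
    {"user": "ben", "role": "Owner", "last_active": date(2024, 5, 20), "used": {"Invite/remove users"}},
    {"user": "cy", "role": "Owner", "last_active": date(2024, 6, 2), "used": {"Manage organization"}},
    {"user": "dee", "role": "Admin", "last_active": date(2024, 5, 30), "used": {"Create/edit endpoints", "View dashboards"}},
    {"user": "eli", "role": "Member", "last_active": date(2024, 1, 10), "used": {"Create projects"}},
    {"user": "fay", "role": "Viewer", "last_active": date(2024, 6, 5), "used": {"View dashboards"}},
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE, TODAY):
        print(f"{user}: {finding}")
```

Each finding is a candidate for human review: a role is flagged when the permissions a user actually exercised fit within a lower column of the matrix.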