Understanding Roles in env zero
env zero provides two types of roles to manage access control within your organization:
Default Roles vs. Custom Roles
Default Roles are built-in, non-editable roles that come with every env zero organization. These roles provide standard permission sets for common use cases and cannot be modified or deleted. They are designed to cover the most common access patterns and ensure consistent security practices across organizations.
Custom Roles allow you to create tailored permission sets that match your organization’s specific needs. These roles can be created, edited, and deleted as needed, giving you full flexibility to define exactly what permissions users should have.
Role Assignment Levels and Inheritance
Roles can be assigned at three levels in env zero, and permissions cascade down the hierarchy:
- Organization Level: Roles assigned at the organization level apply to the entire organization and cascade down to all projects (including sub-projects) and environments within the organization.
- Project Level: Roles assigned at the project level apply to that specific project and cascade down to:
  - All sub-projects within that project
  - All environments within the project and its sub-projects
- Environment Level: Roles assigned at the environment level apply only to that specific environment.
Permission Cascading
env zero’s RBAC is cascading, top to bottom. If a user or team has a permission at the organization level, they have that permission on every project and environment in the organization. Similarly, project-level permissions apply to all sub-projects and environments within that project.
However, this does not work in reverse - project permissions only apply to that specific project and its sub-projects, not to the parent project or organization.
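
The cascading rule above can be checked when reviewing who can reach what. The following is an added example, not env zero code or its API: a small model of the top-down inheritance in which every scope name, user name and role name is constructed sample data.

```python
# Added illustration of top-down role cascading; not env zero code.
# All scope, principal and role names are constructed sample data.

# Each scope maps to its parent; the organization is the root.
PARENT = {
    "org": None,
    "project:platform": "org",
    "project:platform/payments": "project:platform",  # sub-project
    "project:data": "org",
    "env:platform-staging": "project:platform",
    "env:payments-prod": "project:platform/payments",
    "env:data-dev": "project:data",
}

# Direct role assignments: (principal, scope) -> set of role names.
ASSIGNMENTS = {
    ("alice", "org"): {"org-auditor"},
    ("bob", "project:platform"): {"deployer"},
    ("carol", "env:payments-prod"): {"env-operator"},
}

def ancestors(scope):
    """Yield the scope itself, then each parent up to the organization."""
    seen = set()
    while scope is not None:
        if scope not in PARENT or scope in seen:
            raise ValueError(f"unknown or cyclic scope: {scope}")
        seen.add(scope)
        yield scope
        scope = PARENT[scope]

def effective_roles(principal, scope):
    """Roles in force at `scope`: direct ones plus those inherited from above."""
    roles = set()
    for s in ancestors(scope):
        roles |= ASSIGNMENTS.get((principal, s), set())
    return roles

def reach(principal):
    """Audit view: every scope where the principal holds at least one role."""
    return sorted(s for s in PARENT if effective_roles(principal, s))

if __name__ == "__main__":
    for who in ("alice", "bob", "carol"):
        print(who, reach(who))
```

The lookup only walks upward from the requested scope, which is why a project-level assignment never appears at the parent project or the organization.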