Skip to main content

Role-Based Access Control (RBAC)

This article covers what Role-Based Access Control is, how it is used within STRM Privacy, and provides an overview of all permissions and roles.

Role-Based Access Control (RBAC)

In practice, not all users should be able to view or manage the same resources. Employees working one department, shouldn't automatically be granted access to all data streams within an organization. In order to grant permissions to users, STRM Privacy offers a Role-Based Access Control (RBAC) system. This system should help organizations to manage resources and be more easily compliant with privacy regulations. Currently, four basic roles exist: admin , project_admin , approver and member. Users can have one or more roles and are always assigned at least the member role. The user creating an organization is automatically assigned the admin role. When a user is invited to your organization, only the member role is assigned. Roles can be managed via the manage command in the cli.


Scope PermissionDescription
organization/manageCreate organization handle.
organization/manage usersAdd and remove users from the organization. Change user roles.
organization/create projectCreate a new project within the organization via cli or console.
organization/delete projectDelete a project from an organization, with all its corresponding resources.
organization/view projectsList all projects in an organization. Per project list their members.
organization/view installation statusView the status of installation, installed for your organization.
project/manage membersAdd and remove users from a project.
project/create resourcesCreate streams, derived streams, batch exporters, batch jobs.
project/delete resourcesDelete streams, derived streams, batch exporters, batch jobs.
project/view resourcesList and get streams, derived streams, batch exporters, batch jobs.
project/create data contractsCreate a proposal for a data contract, that needs to be reviewed before becoming active.
data_contracts/viewList and get data contracts from the project in scope and those that are public.
data_contracts/reviewReview data contracts, i.e. validate that the contract is compliant with (company) privacy regulations.

Overview of permissions per role

organization/manage users
organization/create project
organization/delete project
organization/view projects
organization/view installation status
project/manage members
project/create resources
project/delete resources
project/view resources
project/create data contracts