Aptori Role-Based Access Control (RBAC)
Overview
This section describes the role-based access control (RBAC) model implemented in Aptori. It outlines how roles, permissions, and access levels work across Organizations, Groups, and Projects.
1. Organization-Level Access
Organization Resources
Certain resources are managed at the Organization level and accessible only to Organization Owners.
- Groups (only Owners can create or delete Groups)
- Group Members (users must belong to the Organization before joining Groups)
- System Integrations (e.g., Jira, Slack, GitLab, Webhooks)
Organization Roles and Permissions
Action | Org Guest | Org Developer | Org Maintainer | Org Owner |
---|---|---|---|---|
Create Group | | | | ✓ |
Add Group Member | | | | ✓ |
Update Group Member Role | | | | ✓ |
Remove Group Member | | | | ✓ |
View Group Members | ✓ | ✓ | ✓ | ✓ |
List Groups | ✓ | ✓ | ✓ | ✓ |
Configure Connector (Jira) | | | | ✓ |
Configure Connector (GitLab) | | | | ✓ |
Configure Connector (Webhook) | | | | ✓ |
Notes:
- Only Organization Owners can manage system integrations and create/delete Groups.
2. Group-Level Access
Group Roles and Permissions
Action | Group Guest | Group Developer | Group Maintainer | Group Owner |
---|---|---|---|---|
Add Group Member | | | | ✓ |
Update Member Role | | | | ✓ |
Remove Member | | | | ✓ |
View Group Members | ✓ | ✓ | ✓ | ✓ |
List Groups | ✓ | ✓ | ✓ | ✓ |
Create Project | | | | ✓ |
Delete Project | | | | ✓ |
List Projects | ✓ | ✓ | ✓ | ✓ |
View Project Details | ✓ | ✓ | ✓ | ✓ |
Restrictions:
- Users cannot change their own roles or remove themselves from a Group.
- Only Organization Owners may create or delete Groups.
3. Project-Level Access
Project Inheritance
Every project is owned by a Group. A user's role within the Group determines their access to the associated Project.
Project Resource Permissions
Action | Group Guest | Group Developer | Group Maintainer | Group Owner |
---|---|---|---|---|
Create API | | ✓ | ✓ | ✓ |
Delete API | | | ✓ | ✓ |
List APIs | ✓ | ✓ | ✓ | ✓ |
View API Settings | ✓ | ✓ | ✓ | ✓ |
Download/Sync Postman | | ✓ | ✓ | ✓ |
Update API Settings | | | ✓ | ✓ |
Upload API Definition | | | ✓ | ✓ |
List Configuration | ✓ | ✓ | ✓ | ✓ |
View Configuration | ✓ | ✓ | ✓ | ✓ |
Create Configuration | | ✓ | ✓ | ✓ |
Update Configuration | | ✓ | ✓ | ✓ |
List Runs | ✓ | ✓ | ✓ | ✓ |
View Run Details | ✓ | ✓ | ✓ | ✓ |
Create Run | | ✓ (1) | ✓ (1) | ✓ (1) |
List Issues | ✓ | ✓ | ✓ | ✓ |
View Issue Details | ✓ | ✓ | ✓ | ✓ |
Update Issues | | ✓ | ✓ | ✓ |
(1) A user may only create a Run if they have the required permissions for the target Environment.
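The three permission tables above, the Group restrictions, the "must belong to the Organization first" rule and footnote (1) can all be expressed as one authorization model. The following is an added example written for this page, not Aptori's own code: the role and action names follow the tables, while the `User` and `Project` data shapes, the function names, and the `env_allowed` flag (which stands in for the target Environment permission of footnote (1)) are assumptions made for illustration.

```python
"""Executable model of the RBAC matrix on this page (added example, not Aptori code)."""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, Optional


class Role(IntEnum):
    """Roles are hierarchical, so a role can be compared with >=."""
    GUEST = 0
    DEVELOPER = 1
    MAINTAINER = 2
    OWNER = 3


# Each table row is stored as the minimum role that holds the permission:
# a row ticked for Maintainer and Owner becomes MAINTAINER, a row ticked
# for all four roles becomes GUEST.
ORG_ACTIONS: Dict[str, Role] = {
    "create_group": Role.OWNER,
    "delete_group": Role.OWNER,
    "add_group_member": Role.OWNER,
    "update_group_member_role": Role.OWNER,
    "remove_group_member": Role.OWNER,
    "view_group_members": Role.GUEST,
    "list_groups": Role.GUEST,
    "configure_connector": Role.OWNER,  # Jira, GitLab, Webhook
}
GROUP_ACTIONS: Dict[str, Role] = {
    "add_group_member": Role.OWNER,
    "update_member_role": Role.OWNER,
    "remove_member": Role.OWNER,
    "view_group_members": Role.GUEST,
    "list_groups": Role.GUEST,
    "create_project": Role.OWNER,
    "delete_project": Role.OWNER,
    "list_projects": Role.GUEST,
    "view_project_details": Role.GUEST,
}
PROJECT_ACTIONS: Dict[str, Role] = {
    "create_api": Role.DEVELOPER,
    "delete_api": Role.MAINTAINER,
    "list_apis": Role.GUEST,
    "view_api_settings": Role.GUEST,
    "download_sync_postman": Role.DEVELOPER,
    "update_api_settings": Role.MAINTAINER,
    "upload_api_definition": Role.MAINTAINER,
    "list_configuration": Role.GUEST,
    "view_configuration": Role.GUEST,
    "create_configuration": Role.DEVELOPER,
    "update_configuration": Role.DEVELOPER,
    "list_runs": Role.GUEST,
    "view_run_details": Role.GUEST,
    "create_run": Role.DEVELOPER,  # plus the Environment check of footnote (1)
    "list_issues": Role.GUEST,
    "view_issue_details": Role.GUEST,
    "update_issues": Role.DEVELOPER,
}


@dataclass
class User:                      # assumed shape, not Aptori's data model
    id: str
    org_role: Optional[Role]     # None: not a member of the Organization
    group_roles: Dict[str, Role] = field(default_factory=dict)  # group_id -> role


@dataclass
class Project:                   # assumed shape
    id: str
    group_id: str                # every Project is owned by exactly one Group


def org_allowed(actor: User, action: str) -> bool:
    """Organization scope: requires membership and the row's minimum role."""
    return actor.org_role is not None and actor.org_role >= ORG_ACTIONS[action]


def group_allowed(actor: User, group_id: str, action: str,
                  target: Optional[User] = None) -> bool:
    """Group scope, including the page's restrictions: no self-modification,
    and a user must already belong to the Organization before joining a Group."""
    if target is not None:
        if action in ("update_member_role", "remove_member") and target.id == actor.id:
            return False  # users cannot change their own role or remove themselves
        if action == "add_group_member" and target.org_role is None:
            return False  # not an Organization member yet
    role = actor.group_roles.get(group_id)
    return role is not None and role >= GROUP_ACTIONS[action]


def project_allowed(actor: User, project: Project, action: str,
                    env_allowed: bool = True) -> bool:
    """Project scope: the role is inherited from the owning Group.
    env_allowed is an assumed stand-in for the Environment permission in footnote (1)."""
    role = actor.group_roles.get(project.group_id)
    if role is None:
        return False  # no role in the owning Group means no Project access at all
    if action == "create_run" and not env_allowed:
        return False
    return role >= PROJECT_ACTIONS[action]


if __name__ == "__main__":
    # Constructed sample principals and a Project owned by Group "g1".
    owner = User("u-owner", Role.OWNER, {"g1": Role.OWNER})
    dev = User("u-dev", Role.DEVELOPER, {"g1": Role.DEVELOPER})
    proj = Project("p1", "g1")
    print(project_allowed(dev, proj, "delete_api"))            # False
    print(group_allowed(owner, "g1", "remove_member", owner))  # False (self)
    print(org_allowed(owner, "configure_connector"))           # True
```

Encoding each row as a minimum role rather than a set of ticked roles is what makes the "hierarchical" property in the Summary checkable: any row whose ticks did not fill the rightmost columns contiguously could not be expressed this way, which is a useful sanity check when the matrix is edited. Actions that appear in both the Organization and Group tables (such as adding a Group member) are granted in either scope, so a real decision point would evaluate `org_allowed` and `group_allowed` and allow if either returns true.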
Summary
- Roles are hierarchical and scoped to Organization, Group, or Project levels.
- Permissions cascade from Group roles to Project access.
- Only Organization Owners have full administrative control.
- Group Owners can manage users and resources within their group.
- Developers and Maintainers have progressively greater control over projects, APIs, and configurations.
For questions or implementation support, contact Aptori support or your platform administrator.