Role-based access control
Overview
Stigg offers fine-grained control over how team members access your account and its entities using a concept of role-based access control (RBAC).
Role-base access control is included in the Scale plan. Without it, team members are granted full access to the account all of its environments.
Roles
Stigg offers 2 types of account-level roles:
- Owner - can do everything in the account, including: managing team members, billing and security settings.
- Member - can view and manage environments they have been granted access to.
Access to environments is granted separately.
The following table summarizes the privileges of each role:
| Entity | Action | Owner | Member |
|---|---|---|---|
| Account details | View | β | β |
| Edit | β | β | |
| Team members | View | β | β |
| Invite | β | β | |
| Change role | β | β | |
| Remove | β | β | |
| Billing details | View | β | β |
| Edit | β | β |
Environment access
Stigg allows you to grant a different level of access for production and non-production environments:
- Full access - manage environments, product catalog, customers, subscriptions, and integrations.
- Customer management - manage customers and subscriptions, all other entities are read-only.
- Read-only - read-only access to all entities in Stigg.
- No access - no visibility or access to this type of environments.
Access is grouped according to the environment type (production and non-production). When team members are granted a specific level of access to an environment type, this level of access is applied to all environments of the same type. For example: when team members are granted "read-only" access to production environments, they'll have this level of access in all production environments that are created in the account.
The following table summarizes the privileges of each level of access:
| Entity | Action | Full access | Customer management | Read-only | No access |
|---|---|---|---|---|---|
| Products | View | β | β | β | β |
| Create | β | β | β | β | |
| Edit | β | β | β | β | |
| Archive | β | β | β | β | |
| Plans | View | β | β | β | β |
| Create | β | β | β | β | |
| Edit | β | β | β | β | |
| Archive | β | β | β | β | |
| Add-ons | View | β | β | β | β |
| Create | β | β | β | β | |
| Edit | β | β | β | β | |
| Archive | β | β | β | β | |
| Coupons | View | β | β | β | β |
| Create | β | β | β | β | |
| Edit | β | β | β | β | |
| Archive | β | β | β | β | |
| Customers | View | β | β | β | β |
| Create | β | β | β | β | |
| Edit | β | β | β | β | |
| Archive | β | β | β | β | |
| Subscriptions | View | β | β | β | β |
| Create | β | β | β | β | |
| Edit | β | β | β | β | |
| Cancel | β | β | β | β | |
| Experiments | View | β | β | β | β |
| Create | β | β | β | β | |
| Edit | β | β | β | β | |
| Start / stop | β | β | β | β | |
| Integrations | View | β | β | β | β |
| Create | β | β | β | β | |
| Edit | β | β | β | β | |
| Remove | β | β | β | β | |
| Widget design | View | β | β | β | β |
| Edit | β | β | β | β | |
| Activity log | View | β | β | β | β |
| Environment | View | β | β | β | β |
| Download product catalog | β | β | β | β | |
| View API key prefix | β | β | β | β | |
| Copy full API key | β | β | β | β | |
| Create | β | β | β | β | |
| Edit | β | β | β | β | |
| Enable client-side security | β | β | β | β | |
| Copy configuration | Only to environment types they have full access to | β | β | β | |
| Archive | β | β | β | β |
Example use-cases
Account owner
Users that have full access to the account.
- Role - Owner
- Production access - Full access
- Non-production access - Full access
Engineering manager / Product manager
Users that have full access to all environments.
- Role - Member
- Production access - Full access
- Non-production access - Full access
Engineer
User that have full access to non-production environments and limited access to production environments.
- Role - Member
- Production access - Read-only
- Non-production access - Full access
Customer-facing representative
Users that manage customers and subscriptions in production, for example: Technical Support Engineers (TSEs), Customer Success representatives (CS) and Sales team members.
- Role - Member
- Production access - Customer management
- Non-production access - None
Billing manager
Users that manage the Stigg subscription and billing details, for example: Finance team members.
- Role - Owner
- Production access - None
- Non-production access - None
Access management
Account owners can define team member access upon invitation, as well as updating their details after they joined the account.
Updated 7 days ago