Skip to main content

Roles

Roles in Appsmith are collections of permissions that enable users or groups to access certain operations on resources. Rather than giving individual permissions to users or groups, roles allow users to manage multiple permissions.

Instance roles

In addition to the default roles for applications and workspace, Appmith provides two instance-level roles - Default Role for all Users and Instance Administrator.

  • Default Role For All Users: This role applies to all users and can be used to assign a default set of permissions in an instance. It is editable and does not come with any predefined permissions, and Instance Administrators can customize it and assign default permissions to new users joining the instance. By adjusting the permissions in this role, they can ensure that new users have an appropriate level of access.

  • Instance Administrator: This role provides a user with permission to modify settings at the instance level from the Admin settings. This includes changing the general settings of the instance, such as authentication, email, custom branding, access to view audit logs and granular access control actions. It's important to note that this role has significant control over the instance, so it should only be assigned to trusted users who need these capabilities.

Custom roles

With custom roles, you can provide fine-grained access control by configuring multiple permissions for the role you are creating. To create a custom role, go to Admin Settings > Access Control > Roles and click the Add Role button.

Add a new Role
Add a custom role

The permissions are grouped into four categories, which helps users manage and access the necessary permissions easily:

Application resources

In this section, you'll find permissions related to the application and its resources such as pages, widgets, and queries. The table below illustrates the permissions that can be assigned to either a user or a group. Additionally, it explains how each permission behaves at various hierarchical levels.

Create
Edit
Delete
View
Public
Export
WorkspaceCreate applications, pages and queries inside the workspaceEdit any application, page and query inside the workspaceDelete any application, page and query inside the workspaceView any application, page and query inside the workspace.Make any application inside the workspace publicExport any application in the workspace
AppCreate pages and queries inside the appEdit pages and queries inside the appDelete the app and its pages and queriesView the app and its pages and queries.Make the application publicExport that particular application
PageCreate queries on the pageEdit the page and its queriesDelete the page and its queriesView the page and its queries--
Query-Edit the queryDelete the queryView the query--

Datasource and queries

This section contains permissions related to the actions a user can perform on datasources and queries. The table below lists the different permissions available and outlines how each permission operates at varying hierarchical levels:

Execute
Create
Edit
Delete
View
WorkspaceExecute queries on any datasource in the workspaceCreate queries on any datasource in the workspaceEdit any datasource in the workspaceDelete any datasource in the workspaceView any datasource in the workspace
DatasourceExecute queries on the datasourceCreate queries on the datasourceEdit the datasourceDelete the datasourceView the datasource
QueryExecute the query----

Groups and roles

This section includes permissions for managing the groups and roles of an Appsmith instance. The table below presents the available permissions that can be assigned to either a user or a group:

Create
Edit
Delete
View
Invite User
Remove User
Associate Role
GroupsCreate a User GroupEdit any User GroupDelete any User GroupView any User GroupInvite an email to any User GroupRemove another user from any User Group-
Group-Edit the User GroupDelete the User GroupView the User GroupInvite an email to the User GroupRemove another user from the User Group-
RolesCreate a RoleEdit any RoleDelete any RoleView any Role--Assign any role to any User or User Group
Role-Edit the RoleDelete the RoleView the Role--Assign the role to any User or User Group

Others

In this section, users can assign permissions for workspaces and Audit logs.

Create
Edit
Delete
View
WorkspacesCreate a workspaceEdit any workspaceDelete any workspaceView any workspace
Workspace-Edit the workspaceDelete the workspaceView the workspace
Audit Logs---View the audit logs