Skip to main content

Roles

Roles in Appsmith are collections of permissions that enable users or groups to access certain operations on resources. Rather than giving individual permissions to users or groups, roles allow users to manage multiple permissions.

Instance roles

In addition to the default roles for applications and workspace, Appmith provides two instance-level roles - Default Role for all Users and Instance Administrator.

  • Default Role For All Users: This role applies to all users and can be used to assign a default set of permissions in an instance. It is editable and does not come with any predefined permissions, and Instance Administrators can customize it and assign default permissions to new users joining the instance. By adjusting the permissions in this role, they can ensure that new users have an appropriate level of access.

  • Instance Administrator: This role provides a user with permission to modify settings at the instance level from the Admin settings. This includes changing the general settings of the instance, such as authentication, email, custom branding, access to view audit logs and granular access control actions. It's important to note that this role has significant control over the instance, so it should only be assigned to trusted users who need these capabilities.

Custom roles

With custom roles, you can provide fine-grained access control by configuring multiple permissions for the role you are creating. To create a custom role, go to Admin Settings > Access Control > Roles and click the Add Role button.

Add a new Role
Add a custom role

The permissions are grouped into four categories, which helps users manage and access the necessary permissions easily:

Application resources

In this section, you'll find permissions related to the application and its resources such as pages, widgets, and queries. The table below illustrates the permissions that can be assigned to either a user or a group. Additionally, it explains how each permission behaves at various hierarchical levels.

Create
Edit
Delete
View
Execute
Public
Export
WorkspaceCreate applications, pages and queries inside the workspaceEdit any application, page and query inside the workspace.Delete any application, page and query inside the workspaceView any application, page and query inside the workspace.-Make any application inside the workspace public.Export any application in the workspace.
AppCreate pages and queries inside the appEdit pages and queries inside the app.Delete the app and its pages and queries.View the app and its pages and queries.-Make the application publicExport that particular application.
PageCreate queries on the page.Edit the page and its queries.Delete the page and its queries.View the page and its queries.---
Query-Edit the query.Delete the query.View the query.Execute the query.--
WorkflowsCreate new workflows and resources inside a workflow.Required to make changes to the Workflow.Required to delete a workflow. Users will need Edit permission to delete individual actions inside the workflow.An Edit permission also enables the permission to view workflow run history.An Edit permission also enables the Execute permission to run workflow.--

Datasource and environments

This section contains permissions related to the actions a user can perform on datasources and environments. The table below lists the different permissions available and outlines how each permission operates at varying hierarchical levels:

Execute
Create
Edit
Delete
View
WorkspaceExecute queries on any datasource in the workspace.Create queries on any datasource in the workspace.Edit any datasource in the workspace.Delete any datasource in the workspace.View any datasource in the workspace.
EnvironmentsExecute queries for different environments.Create custom environments.Edit and configure different environments.Delete different environments.View environments in the workspace.
DatasourcesExecute queries on that datasource provided they have access to execute on at least one environment.Create queries on the datasource.Edit values of datasource configurations parameters in all environments.Add or remove datasource configuration parameters in all environments.View datasource configuration values in all environments.

Groups and roles

This section includes permissions for managing the groups and roles of an Appsmith instance. The table below presents the available permissions that can be assigned to either a user or a group:

Create
Edit
Delete
View
Invite User
Remove User
Associate Role
GroupsCreate a User Group.Edit any User Group.Delete any User Group.View any User GroupInvite an email to any User Group.Remove another user from any User Group.-
Group-Edit the User Group.Delete the User Group.View the User Group.Invite an email to the User GroupRemove another user from the User Group.-
RolesCreate a RoleEdit any Role.Delete any Role.View any Role.--Assign any role to any User or User Group.
Role-Edit the Role.Delete the Role.View the Role.--Assign the role to any User or User Group.

Others

In this section, users can assign permissions for workspaces and Audit logs.

Create
Edit
Delete
View
WorkspacesCreate a workspace.Edit any workspace.Delete any workspace.View any workspace.
Workspace-Edit the workspace.Delete the workspace.View the workspace.
Audit Logs---View the audit logs.