Custom roles
Last updated
Last updated
In Cortex, there are four default roles: Viewer, User, Manager, and Admin.
While each of these provides access to different Cortex features, you can also create custom roles to give users more granular permissions.
In Cortex, go to the Roles and permissions settings page.
Click your avatar in the lower left corner, then click Settings.
Under "Authentication and access," click Roles and permissions.
In the upper right corner, click Create custom role.
In the "Create custom role" modal, fill in the basic information:
Role name: Enter a name for the role.
Identifier: This field is automatically populated based on the role name. It is a unique identifier for the role, made of letters, digits, and hyphens.
Description: Optionally, add a description of the role to help others understand its purpose.
Settings: Expand each of the Permission sections to view and toggle on/off a permission setting for the role. All permissions are toggled off by default.
Click Create role.
You can assign a custom role to a team or user the same way you would assign a default role. See Assign role to a user for instructions.
It is possible to assign multiple roles to an individual user or team. When multiple roles are assigned, the resulting permissions will be the maximum permissions associated with their assigned role(s). For example, if an individual is assigned two roles with distinct set of permissions, all of those permissions will be applied to that user.
For information on creating or deleting users and setting a default role for new users, see Adding and removing Cortex users.
To delete a custom role:
On the Roles and permissions settings page, click the User role tab.
In the confirmation modal, click Delete.
Note that you cannot delete a custom role if it is associated with a plugin.
The table below describes the permission options you can add to a custom role.
Catalogs
Catalogs view
View catalogs and entities
Catalogs
Entity types edit
Create, edit, and delete entity types
Catalogs
Catalogs edit
Create, edit, and delete catalogs
Catalogs
Entities edit
Create, edit, and delete entities
Catalogs
Entities archive
Archive entities
Catalogs
Entities delete
Delete entities
Catalogs
Entity dependency discovery enable
Sync dependencies directly when on the dependency graph feature
Catalogs
Entity verification period configure
Create and edit periods for verifying Cortex entities
Scorecards & Initiatives
Scorecards view
View scorecards
Scorecards & Initiatives
Scorecards edit
Create, edit, and delete scorecards
Scorecards & Initiatives
Scorecards re-evaluation execute
Manually trigger a scorecard's evaluation via the UI
Scorecards & Initiatives
Scorecard exemptions view
View scorecard exemptions
Scorecards & Initiatives
Scorecard exemptions configure
Approve or revoke scorecard exemptions
Scorecards & Initiatives
Initiatives view
View initiatives
Scorecards & Initiatives
Initiatives edit
Create, edit, and delete initiatives
Reporting
Scorecard report view
View scorecard reports
Reporting
CQL report view
Ability to view CQL reports
Reporting
CQL report edit
Create, edit, and delete CQL reports
Eng Intelligence
Eng Intelligence view
View the Eng Intelligence metrics across all teams, users, groups, and entities
Eng Intelligence
Eng Intelligence configure
Configure Eng Intelligence settings
Eng Intelligence
Custom Metrics configure
Create, edit, and delete Eng Intelligence custom metrics
Eng Intelligence
Custom Metric data edit
Create, edit, and delete Eng Intelligence custom metrics data points via API
Workflows
Workflows edit
Create, edit, and delete workflows
Workflows
Workflows view
View workflows
Workflows
Workflow runs view
View workflow runs
Workflows
Workflow runs execute
Ability to run workflow
Plugins
Plugins edit
Create, edit, and delete plugins
Plugins
Plugin proxies edit
Create, edit, and delete plugin proxies
Plugins
Plugin appearance configure
Manage appearance of plugins
Tools
Relationship graph enable
View onboarding management
Tools
Onboarding management view
View onboarding management
Tools
Onboarding management enable
Trigger onboarding management notifications
Tools
Discovery audit events configure
Ignore or import entities found in the discovery audit tool
Tools
Scaffolder templates configure
Create, edit, and delete Scaffolder templates
Tools
Scaffolder execute
Run the Scaffolder
Tools
Query builder (basic) enable
Access to query builder tool that allows CQL queries to be created and run adhoc
Tools
Query builder (with 3rd party integrations) enable
Access to query builder tool that allows CQL queries to be created and run adhoc, including queries of 3rd party integration data
Notifications
Workspace notification settings configure
Enable or disable workspace notification settings
Notifications
Notification logs view
View notification logs
Notifications
Notification logs execute
Resend a notification
Settings
Settings configure
Edit workspace settings, identity mappings, and integration configurations
Settings
Appearance settings configure
Edit workspace appearance settings, including logo upload, plugin placement throughout the app, entity overview tabs and navigation order, and catalog sort order
Settings
IP allowlist configure
Configure restriction for Cortex app and public API access to specified IPs
Settings
GitOps logs view
View GitOps logs
Settings
OpenID Connector & SCIM configure
Manage OpenID application details and SCIM for Auth0, Azure, Google, and Okta
Settings
Roles view
View workspace role definitions and user role assignments
Settings
Roles configure
Manage workspace role definitions and user role assignments
Settings
Breaking API changes view
View breaking API changes
Settings
Create API keys edit
Create, edit, and delete Cortex API keys
Settings
Identity mappings configure
Review how team members defined in the team catalog are matched to external accounts (e.g. GitHub, Jira, PagerDuty, ClickUp, or Slack).
Settings
Integrations configure
Install, uninstall, and configure integrations
Access Management
Create secrets edit
Create, edit, and delete secret keys used in plugin proxies, secure access to 3rd party APIs, etc
Access Management
Audit logs view
View audit logs
Click the trash icon next to a role.
