Asgardeo user roles¶
Roles assigned to a group or user determine their permissions for accessing resources in the organization. Asgardeo offers several default roles that tailor the Console experience to privileged users. As the organization administrator/owner, you can assign these roles to privileged users according to the requirement.
Note
The roles described here are only for the Asgardeo Console. To learn more about roles that govern access to REST APIs, refer to manage roles.
| Administrator | This role provides all administrative permissions in the organization. An administrator is a privileged user who has overall access to the organization. |
| Auditor | This role provides list and view permissions to Asgardeo resources. With read-only access to all resources in the Asgardeo Console, it is ideal for troubleshooting issues and supporting other users within the organization.. |
| Editor - Applications | This role provides permissions for registering and managing applications, ideal for privileged users who can integrate applications with Asgardeo. |
| Viewer - Applications | This role provides permissions for viewing applications and their settings. It is designed for users who need read-only access to applications and their integration settings. |
| Editor - Users | This role provides permissions for managing users and groups within the organization. |
| Viewer - Users | This role provides permissions required for viewing users and groups. |
| Editor - Connections | This role provides permissions for managing connections, ideal for a privileged user who can manage enterprise logins, social logins and MFA options available within the organization. |
The permissions associated with each role are outlined below. Resources not explicitly specified for a role are inaccessible to users and groups assigned to it.
Administrator
Administrator has read/write access to all the resources in the Asgardeo Console.
Auditor
Auditor has read-only access to all the resources in the Asgardeo Console.
Editor - Applications
| Resources | Sub-section | Read/Write access | Read access only |
|---|---|---|---|
| Applications | ️ | ✔ | ️ |
| Connections | ️ | ️ | ✔ |
| API Resources | ️ | ✔ | |
| Branding | ️ | ✔ | ️ |
| User Management | Users️ | ️ | ✔ |
| User Management | Groups️ | ️ | ✔ |
| User Management | Roles | ️✔ | ️ |
| User Attributes & Stores | Attributes | ️ | ️✔ |
| User Attributes & Stores | Attributes > Scopes | ️️✔ | |
| Organizations | ️ | ️ | ✔ |
| Login & Registration | ️ | ️✔ | ️ |
| Actions | ️ | ️✔ | ️ |
| Events | ️ | ️✔ | ️ |
| Logs | ️Diagnostic logs | ️✔ |
Viewer - Applications
| Resources | Sub-section | Read/Write access | Read access only |
|---|---|---|---|
| Applications | ️ | ️ | ✔ |
| Connections | ️ | ️ | ✔ |
| API Resources | ️ | ️ | ✔ |
| Branding | ️ | ️ | ️✔ |
| User Management | Users️ | ️ | ✔ |
| User Management | Groups️ | ️ | ✔ |
| User Management | Roles | ️️✔ | |
| User Attributes & Stores | Attributes | ️ | ️✔ |
| User Attributes & Stores | Attributes > Scopes | ️️ | ✔ |
| Organizations | ️ | ️ | ✔ |
| Login & Registration | ️ | ️ | ️✔ |
| Actions | ️ | ️ | ️✔ |
| Events | ️ | ️ | ️✔ |
| Logs | ️Diagnostic logs | ️✔ |
Editor - Users
| Resources | Sub-section | Read/Write access | Read access only |
|---|---|---|---|
| User Management | Users️ | ️✔ | ️ |
| User Management | Groups️ | ✔ | ️ |
| User Management | Roles | ️✔ | ️ |
Viewer - Users
| Resources | Sub-section | Read/Write access | Read access only |
|---|---|---|---|
| User Management | Users️ | ️️✔ | |
| User Management | Groups️ | ️️✔ | |
| User Management | Roles | ️ | ️️✔ |
Editor - Connections
| Resources | Sub-section | Read/Write access | Read access only |
|---|---|---|---|
| Connections | ✔ | ️️ | |
| User Attributes & Stores | Attributes | ️️✔ |