
Fine-Grained Access Control

GuardRails is designed in an opinionated way to ensure that 80% of our users can get immediate value without having to tweak any settings. However, we also understand that large organizations and power users require customizations.

In addition to working with the repository-level permissions from the version control systems, GuardRails now offers fine-grained access control.

Permissions can now be granted within GuardRails at two distinct levels:

  1. Users: Permissions on a per-user basis
  2. Teams: Permissions on a per-team and per-team-member basis

Users

User permissions can be configured in the People menu on the left menu bar.

Once selected, you will be on the Users tab and can see a list of all users that have logged in to the dashboard.

People Users Screen

The current user cannot change their own permissions, but if they have Manager or Admin/Owner permissions, they can modify the permissions of other users. Note that Managers can only set permissions to Developer, Security Engineer or Manager. Admins and Owners can change permissions to any role.

Permission Matrix

Teams

Team permissions can be configured in the People menu on the left menu bar.

Once selected, you can navigate to the Teams tab and see a list of all teams that have been created.

People Teams Screen

As a Manager, Admin or Owner, you will be able to create new teams and edit existing ones.

When you create a new team, you automatically become its Team Admin. The following options can be configured:

  • Team Name
  • Department
  • Description
  • Which users have access to the team and what their roles are. Roles are either:
    • Team Developer
    • Team Security Engineer
    • Team Admin
  • Which repositories the team has access to. Note that users can only add repositories that they have access to.

New Team Screen

Determining the permissions

The permissions are determined based on the following logic:

  1. Does the user have access to the repository on the version control level?
  2. Has the user been given Security Engineer or Admin privileges?
  3. Has the user been given access to the repository as part of a team?