Browserstack Documentation Documentation
Documentation home icon Separator

    Permissions

    Customize role based access permissions based on your Organization’s needs

    IAM Roles in BrowserStack

    In BrowserStack, every user can have 2 levels of roles: an IAM role and a Product role. Each of them come with their own set of permissions and previleges.

    • IAM roles govern administrative access level and dictate what identity and access management privileges a user has within their Organization account on BrowserStack. Learn more about the supported IAM Roles and the associated permissions for each of these roles.

    • Product roles are more diverse and and vary across products. They are distinct, product-specific roles that govern the user’s privileges related to product access and usage. They have no impact on the administrative access of members.

    Generally, in the context of BrowserStack, when the term “role” is used, it specifically refers to the IAM role (and not Product role) assigned to the user.

    BrowserStack offers two distinct categories of custom permissions. Firstly, there are administrative permissions that can be configured based on a member’s IAM role. And secondly, there are permission sets that can be tailored according to their product roles.

    Below is a list of the IAM roles available in an Organization account on BrowserStack and permissions for each type of role:

    IAM Role Details
    Owner An owner of an Organization on BrowserStack, is the member that has purchased the subscription. An owner has all privileges which include buying, upgrading, downgrading and cancelling subscriptions, modifying product access privileges, inviting and removing members from an Organization, and changing member roles. Each Organization can only have one owner.
    Admin An admin is a member that has privileges which include modifying product access privileges for other members, inviting and removing members from an Organization and changing member roles. An Organization can have more than one admin.
    User A user is a member who can use the products for which access privileges have been granted and can invite other users. A Organization can have multiple users, invited by an admin or the owner.
    Note: If teams are created within an Organization account on BrowserStack, then each team can have members with Admin or User roles.

    Which settings can be modified?

    Owner can customize and modify permissions for certain settings if required:

    1. Log in to BrowserStack from Owner account.
    2. Go to Account. Click Settings tab.
    3. Navigate to Permissions section.
    4. Click on IAM roles tab.

    IAM Permissions

    Below are the details of the settings that can be modified by the Owner as per their organization needs:

    Users - Invitations & Requests

    Owner can choose to restrict invitations to specific roles, control who can receive product access requests and who should be notfied when a new user joins their organization account.

    Configure invitations setting

    Below is the list of the invitation related settings can that be modified by the Owner:

    Settings Details
    Invitations - By default, any member can invite their team members to join Organization account on BrowserStack.
    - Owner can now restrict User role from inviting other members in the organization:
    1. Un-check Allow Users to invite new members option.
    2. Click Save. Invite section will no longer be visible (to members with User role) in the Organization page.
    Restrict Invite from Domains - By default, member can invite their members from any domain to join Organization account on Browserstack.
    - Owner can now restrict domains from which members can join orgnization account:
    1. Check Restricted by Domain option.
    2. Enter domains to restrict members on.
    3. Click Save. Domain restriction enabled with info on what domains are restricted will be visible in the Organization page.
    Invite Notifications - By deafult, notification email is sent to the Owner and Admin(s) when a new member joins your BrowserStack account via invite link.
    - Owner can choose who should receive email notifications when any new user joins their organization.
    Product Access Requests - If an existing user does not have access to a product (i.e. Live, App Live, Automate, App Automate or Percy), they can request access via the respective product dashboard. As a result, an access request email is sent to the Owner and Admin(s).
    - Owner can choose who should receive the product access emails from the users.


    Authentication & Security Settings

    By default, only Owner can can configure security settings like Single Sign On, Auto User Provisioning and Manage Data Access for Organization account on BrowserStack.

    Configure authentication setting

    Below is the list of the security settings can that be modified by the Owner:

    Settings Details
    Single sign-on and Auto user provisioning - By default, Owner can configure Single Sign On and Auto User Provisioning
    - Owner can allow one of the Group Admin to configure these settings for organization account:
    1. Check Allow a Group admin to configure SSO and AUP option.
    2. Enter the email address of the admin.
    3. Click Save.
    Allow admin to configure SSO and AUP
    Data Access Management - By default, Owner can view and configure Manage Data Access settings.
    - Owner can allow one of the Admin to configure the setting for organization account:
    1. Check Allow Group admins to view and manage the data access settings option.
    2. Click Save.


    Account Insights and Reports

    Configure insights setting

    Settings Details
    Usage Reports - By default, only Owner can view Usage Reports section inside Test Insights.
    - Owner can also allow Admin(s) to have access to Usage Reports:
    1. Check Allow Group Admins to view Usage reports or Allow Team Admins to view the Usage reports option.
    2. Click Save.
    Audit logs - By default, only Owner can view and export Audit logs on the Summary page.
    - Owner can also allow Admin(s) to have access to Audit logs:
    1. Check Allow Group Admins to view Audit logs or Allow Team Admins to view Audit logs option.
    2. Click Save.

    What are permission sets for product roles?

    Permission sets are a collection of product specific settings and permissions that precisely define the various actions that users can perform while using BrowserStack products. They allow administrators to finetune and manage the functional access of different user groups, ensuring that each user can only perform the specific actions that they are authorized to do depending on their product roles. This level of control allows for customization based on your organization’s needs and enhances security.

    How do they work?

    Whenever a user is assigned a product role, the corresponding permission set for that role will be automatically enforced whenever they use the specific product. At present, permission sets are exclusively applicable to products that support Product roles.

    How to view active permission sets?

    To view the active permission set for a Product <-> Product role combination:

    1. If you are on the Enterprise plan, navigate to Permissions under Settings and click on Product Roles tab.

    If you are on any other plan, click on Settings and scroll down to Permissions section.

    1. Select a product from the Product dropdown.
    2. From the Product Role dropdown menu, choose a product role that you wish to view the permission set for.
    3. A detailed view of the active permission set for that Product <-> Product role combination will be shown. Permission sets view

    Who can modify permission sets for a product

    Any member with a Product role of Product Admin will be able to modify permission sets for all roles of that particular product.

    How to modify permission sets

    Permission sets for a product role can be modified by performing the following steps:

    1. If you are on the Enterprise plan, navigate to Permissions under Settings and click on Product Roles tab.
    2. Select a product from the Product dropdown.
    3. From the Product Role dropdown menu, choose the product role that you want to modify the permission set for.
    4. A detailed view of the active permission set for that Product <-> Product role combination will be shown. Edit Permission Set
    5. Click on the Modify Permissions button
    6. Make the necessary changes and click Save Changes
    Note: Configurable Permission Sets for Product roles require an Enterprise subscription for the corresponding product. Learn more about Enterprise plans.

    We're sorry to hear that. Please share your feedback so we can do better

    Contact our Support team for immediate help while we work on improving our docs.

    We're continuously improving our docs. We'd love to know what you liked






    Thank you for your valuable feedback

    • ON THIS PAGE

      Is this page helping you?

      Yes
      No

      We're sorry to hear that. Please share your feedback so we can do better

      Contact our Support team for immediate help while we work on improving our docs.

      We're continuously improving our docs. We'd love to know what you liked






      Thank you for your valuable feedback!

      We use cookies to enhance user experience, analyze site usage, and assist in our marketing efforts. By continuing to browse or closing this banner, you acknowledge that you have read and agree to our Cookie Policy, Privacy Policy and Terms of Service.

      Got it

      Talk to an Expert
      Download Copy