Ask the Community
Role-based Access Control (RBAC) for Projects
Learn the different access levels in Project Management.
RBAC is a security mechanism that restricts access based on user roles. It ensures that only authorized individuals have the necessary control and capabilities to perform specific tasks within Project Management. This streamlines workflow and enhances security.
Types of Roles
There are typically two types of roles used in RBAC systems:
-
IAM Roles (Identity and Access Management Roles)
These roles control ownership and administrative privileges across all BrowserStack products. They determine a user’s ability to grant access to others. -
Product Roles
These roles are specific to a particular product or service and control a user’s access to features and functionalities within that product.
IAM roles
-
Owner
The owner role has complete control over organization settings, member management, and product access. Only one owner is permitted. -
Admin
The admin role possesses extensive administrative capabilities, including managing users and granting product access, but it lacks ownership privileges. -
User
The user role can use the product for which access has been granted without additional rights, such as extensive administrative capabilities or control. The owner or admin can assign any product role in Percy to the user role.
Learn about IAM roles in this guide.
Product roles
BrowserStack provides the following product roles:
- Viewer
- Tester
- Product User
- Product Admin
Product roles are applicable only to products that support them. Learn about product roles in this guide
Access approval flow
Project Management determines whether a user should be granted access to perform specific actions by following a series of checks based on the user’s IAM roles, product roles, and RBAC permissions. This flow applies to the following actions:
- Create Project
- Archive Project
- Unarchive Project
- Rename Project
- Edit Project Description
| Step | Condition | Action |
|---|---|---|
| 1 | User is an IAAM Owner or IAAM Admin | Access is immediately granted |
| 2 | User does not have an IAM role | Check if the user has access to the relevant products. This check applies only to Create Project action. |
| 3 | User has access to all required products | Evaluate RBAC across all linked products |
| 4 | All linked products allow the requested action | Access is granted |
| 5 | Any linked product denies the requested action | Access is not granted. |
- The Create Project action involves an additional product access check before RBAC evaluation.
- Only IAM Owners or IAM Admins can delete a project. No product access or RBAC checks are performed for deletion.
For more details on each product-level RBAC, refer to the following documents:
If User-Defined Access Control (UDAC) is configured as global, all users within the organization can access projects created via the Project Management dashboard. If restricted to a team, only team members who manage or own the project can access it.
We're sorry to hear that. Please share your feedback so we can do better
Contact our Support team for immediate help while we work on improving our docs.
We're continuously improving our docs. We'd love to know what you liked
We're sorry to hear that. Please share your feedback so we can do better
Contact our Support team for immediate help while we work on improving our docs.
We're continuously improving our docs. We'd love to know what you liked
Thank you for your valuable feedback!