RBAC

Role-Based Access Control for managing permissions across your organization.

Note:

Advanced RBAC features are coming soon. Basic role management is currently available.

RBAC (Role-Based Access Control) manages who can do what within Lasius. Permissions are assigned through roles rather than directly to users.

How RBAC Works

  1. Roles define a set of permissions
  2. Users are assigned roles
  3. Permissions control what actions are allowed

Role Hierarchy

Organization Roles

RoleDescriptionKey Permissions
OwnerOrganization creatorFull control, billing, delete org
AdminOrganization managerManage users, workspaces, settings
MemberStandard userAccess assigned workspaces

Workspace Roles

RoleDescriptionKey Permissions
OwnerWorkspace creatorFull control, delete workspace
AdminWorkspace managerManage members, settings
EditorContent creatorCreate, edit workflows
ViewerRead-only accessView workflows and runs

Permission Matrix

ResourceOrg OwnerOrg AdminWS OwnerWS EditorWS Viewer
OrganizationCRUDRURRR
WorkspaceCRUDCRUDCRUDRR
User ManagementCRUDCRUDCRUD--
WorkflowCRUDCRUDCRUDCRUDR
TeamCRUDCRUDCRUDCRUDR
AgencyCRUDCRUDCRUDCRUDR
Knowledge BaseCRUDCRUDCRUDCRUDR
MCP ServerCRUDCRUDCRUDCRUDR
GuardrailsCRUDCRUDCRUDRR
Secrets/VariablesCRUDCRUDCRUDRU-
BillingCRUDR---

Legend: C=Create, R=Read, U=Update, D=Delete, -=No Access

Assigning Roles

At Organization Level

  • Org owners can assign org roles
  • Determines what users can do across the organization

At Workspace Level

  • Workspace admins assign workspace roles
  • Controls permissions within that specific workspace

Best Practices

  • Principle of least privilege — Give minimum required access
  • Regular audits — Review role assignments periodically
  • Use groups — Assign roles to groups for easier management (coming soon)
  • Document policies — Maintain clear access policies

Coming Soon

  • Custom role definitions
  • Fine-grained permissions
  • Role inheritance
  • Permission groups
  • Audit logging for access changes