This document is specific for the API Monitoring functionality. The Role-Based Access Control feature requires a qualifying plan. Please contact Sales to get started.
Role-based access control (RBAC) is a feature for teams that want to manage user's access to managing, editing, and viewing specific tests, buckets, and account features.
With RBAC you can:
- Allow users to have admin access to team's features such as RBAC itself, File Uploads, or billing details.
- Create a group that only has access to Bucket A and B, but not Bucket C.
- Create separate roles with different levels of access for developers, managers, Q&A, contractors, etc.
How RBAC Works
RBAC in Runscope has three important elements: groups, roles, and permissions.
Groups are a way for team administrators to control team members access to private buckets. For example:
- You can have a group named "Internal", where team members that are part of that group only have access to Runscope buckets that are related to internal APIs.
- You can have another group named "Contractors", where team members only have access to a select number of buckets that they're currently working on.
Buckets are set to public by default after they are created, and can be set to private by accessing the bucket's settings.
Users have a one-to-many relationship, so users can be a part of multiple groups at the same time. If a user is a part of multiple groups, they will have access to all of the buckets that are included in all of the groups they are a part of.
Roles and Permissions
Roles and permissions are a way to organize the level of access each team member can have. For example:
- A user can have a role of "Developer". That user will have a set of permissions that are related to development tasks, such as creating new tests, viewing tests, editing/modifying tests, deleting tests, etc.
- Another user can have a role of "Management". That user will have a set of permissions that allows them to view tests, but doesn't allow them to create or edit new tests. They can view the status and health of any API monitors, but won't be able to make changes to current test configurations.
Each team member can only be assigned one role. Each role can have any combination of permissions enabled. The list of permissions is as follows:
List of Permissions
|View Tests||View all tests within a bucket|
|Execute Tests||Run or cancel tests within a bucket|
|Modify Tests||Create and edit tests within a bucket|
|Delete Tests||Delete tests within a bucket|
|Share Test Results||Share the results of a test|
|Manage Test Schedules||Add, modify, and delete test schedules within a bucket|
|Export Tests||Export tests within a bucket|
|Modify Shared Environments||Add, modify, and delete shared environments within a bucket|
|Add Buckets||Add new buckets|
|Modify Buckets||Modify bucket settings (change name, delete, etc.)|
|Add Connected Service||Add a connected service|
|Delete Connected Service||Delete a connected service|
|Modify Script Libraries||Modify script libraries|
|Delete Script Libraries||Delete script libraries|
|Gateway Agent Authentication||Authorize to sign in via the Gateway Agent|
|Radar Agent Authentication||Authorize to sign in via the Radar Agent|
|View Team Members||View all members of a team|
|Manage Team Members||Add or delete team members|
|Invite Team Members||Invite members to a team|
|Change Team Name||Change team name|
|View Team Usage||View team usage|
|View Team Groups||View group permissions and membership|
|Modify Team Groups||Modify group permissions and membership|
|View Team Secrets||View the list of all sensitive variables|
|Manage Team Secrets||Create, edit, and delete sensitive variables|
|Manage File Uploads||Upload and delete files|
|View Billing||View billing information for a team|
|Manage Billing||Change billing information for a team|
How to Create and Manage Groups
Important: only the team admin or users with Team Group permissions will be able to manage groups.
- After logging in to your Runscope account, click on your profile on the top-right and select Teams & Usage
- On the left-hand side, click on Team Members under the team that you want to manage
- Under the Team Groups section, click on Add New
- Give your group a name and click on Create Group
- Under the Private Buckets section, use the search box to search for private buckets under your account. Click on Add Bucket to add a bucket to the list
- Use the checkbox next to each bucket if you want to remove it from the list
- Under the Members section, add your team members email address that you want to give access to the buckets in the selected user group
- Click on Save at the top to save any changes you make
How to Create and Manage Roles and Permissions
Creating New Roles
- After logging in to your Runscope account, click on your profile on the top-right and select Roles & Permissions
- By default, Runscope creates three groups for every team with the RBAC feature enabled. These are protected roles, and they can't be edited: Administrators, Read-only Members, and User Group
- To create a new role, click on Add Role at the top
- Give the role a name and click on Create Role
- In the new role permissions page, mark the checkbox for each permission you want the new role to have access to
- Click on Save at the top when you're done
Assigning Roles to Team Members
- After logging in to your Runscope account, click on your profile on the top-right and select Team Members
- Under the Team Members section, select the desired role for each user by clicking on the drop-down menu next to their name