Logo

Role-Based Access Control

OpenMeter Cloud supports Role-Based Access Control (RBAC) to control access to your OpenMeter resources.

Learn more about how OpenMeter protects your data at our security page.

Principals

Principals are the different actors in the system that can interact with OpenMeter.

Currently, there are two types of principals:

  • User: A user is a human who can interact with OpenMeter through the web interface.
  • API Token: API tokens are used to authenticate requests to the OpenMeter API.

Roles

There are three roles defined in OpenMeter:

  • Read only: Principals with this role can only read OpenMeter resources.
  • Read and write: Principals with this role can read and write to OpenMeter resources.
  • Restricted: Fine grained access control for specific resources.

A third role, Admin, is only available to users. Admins can assign roles to other users.

Assigning roles to users

Admins can manage user roles through the OpenMeter web interface. To assign a role to a user, follow these steps:

  1. Log in to OpenMeter.
  2. Go to Settings in the left sidebar.
  3. Go to Members in settings.
  4. Assign a role to the user by clicking the Role dropdown.

You can also assign roles to users when inviting them to your organization on the Invitations tab.

Fine Grained Access Control

Enterprise Feature

Fine grained acccess control requires an Enterprise plan.

Fine grained access control allows you to control access to specific resources for example you can create ingest only API tokens or read only users.

OpenMeter supports fine grained access control for the following resources:

Resource TypePermissions
Metering
EventRead Only, Write Only, Read & Write
MeterRead Only, Read & Write
SubjectRead Only, Read & Write
PortalRead Only, Read & Write
Product Catalog
FeatureRead Only, Read & Write
PlanRead Only, Read & Write
Billing
SubscriptionRead Only, Read & Write
BillingRead Only, Read & Write
CustomerRead Only, Read & Write
Billing ProfileRead Only, Read & Write
InvoiceRead Only, Read & Write
Entitlements
EntitlementRead Only, Read & Write
Notifications
NotificationRead Only, Read & Write
Integrations
AppRead Only, Read & Write
Usage SyncRead Only, Read & Write
Debug
DebugRead Only, Read & Write
Admin
TokenRead Only, Read & Write
OrganizationRead Only, Read & Write