Logo

Role-Based Access Control

OpenMeter Cloud supports Role-Based Access Control (RBAC) to control access to your OpenMeter resources.

Principals

Principals are the different actors in the system that can interact with OpenMeter.

Currently, there are two types of principals:

  • User: A user is a human who can interact with OpenMeter through the web interface.
  • API Token: API tokens are used to authenticate requests to the OpenMeter API.

Roles

There are two roles defined in OpenMeter:

  • Read and write: Principals with this role can read and write to OpenMeter resources.
  • Read only: Principals with this role can only read OpenMeter resources.

A third role, Admin, is only available to users. Admins can assign roles to other users.

Assigning roles to users

Admins can manage user roles through the OpenMeter web interface. To assign a role to a user, follow these steps:

  1. Log in to OpenMeter.
  2. Go to Settings in the left sidebar.
  3. Go to Members in settings.
  4. Assign a role to the user by clicking the Role dropdown.

You can also assign roles to users when inviting them to your organization on the Invitations tab.

Assigning roles to API tokens

You can assign roles to API tokens when creating them through the OpenMeter web interface.