Role-Based Access Control
OpenMeter Cloud supports Role-Based Access Control (RBAC) to control access to your OpenMeter resources.
Learn more about how OpenMeter protects your data on our security page.
Principals
Principals are the different actors in the system that can interact with OpenMeter.
Currently, there are two types of principals:
- User: A user is a human who can interact with OpenMeter through the web interface.
- API Token: API tokens are used to authenticate requests to the OpenMeter API.
Roles
There are three roles defined in OpenMeter:
- Read only: Principals with this role can only read OpenMeter resources.
- Read and write: Principals with this role can read and write to OpenMeter resources.
- Restricted: Fine grained access control for specific resources.
A third role, Admin, is only available to users. Admins can assign roles to other users.
Assigning roles to users
Admins can manage user roles through the OpenMeter web interface. To assign a role to a user, follow these steps:
- Log in to OpenMeter.
- Go to Settings in the left sidebar.
- Go to Members in settings.
- Assign a role to the user by clicking the Role dropdown.
You can also assign roles to users when inviting them to your organization on the Invitations tab.
Fine Grained Access Control
Fine grained access control requires an Enterprise plan.
Fine grained access control allows you to control access to specific resources. For example, you can create ingest only API tokens or read only users.
OpenMeter supports fine grained access control for the following resources:
Resource Type | Permissions |
---|---|
Metering | |
Event | Read Only, Write Only, Read & Write |
Meter | Read Only, Read & Write |
Subject | Read Only, Read & Write |
Portal | Read Only, Read & Write |
Product Catalog | |
Feature | Read Only, Read & Write |
Plan | Read Only, Read & Write |
Billing | |
Subscription | Read Only, Read & Write |
Billing | Read Only, Read & Write |
Customer | Read Only, Read & Write |
Billing Profile | Read Only, Read & Write |
Invoice | Read Only, Read & Write |
Entitlements | |
Entitlement | Read Only, Read & Write |
Notifications | |
Notification | Read Only, Read & Write |
Integrations | |
App | Read Only, Read & Write |
Usage Sync | Read Only, Read & Write |
Debug | |
Debug | Read Only, Read & Write |
Admin | |
Token | Read Only, Read & Write |
Organization | Read Only, Read & Write |