Role-Based Access Control

OpenMeter Cloud supports Role-Based Access Control (RBAC) to control access to your OpenMeter resources.

Learn more about how OpenMeter protects your data at our security page.

#Principals

Principals are the different actors in the system that can interact with OpenMeter.

Currently, there are two types of principals:

• User: A user is a human who can interact with OpenMeter through the web interface.
• API Token: API tokens are used to authenticate requests to the OpenMeter API.

#Roles

There are three roles defined in OpenMeter:

• Read only: Principals with this role can only read OpenMeter resources.
• Read and write: Principals with this role can read and write to OpenMeter resources.
• Restricted: Fine grained access control for specific resources.

A third role, Admin, is only available to users. Admins can assign roles to other users.

#Assigning roles to users

Admins can manage user roles through the OpenMeter web interface. To assign a role to a user, follow these steps:

1. Log in to OpenMeter.
2. Go to Settings in the left sidebar.
3. Go to Members in settings.
4. Assign a role to the user by clicking the Role dropdown.

You can also assign roles to users when inviting them to your organization on the Invitations tab.

#Fine Grained Access Control

Fine grained access control allows you to control access to specific resources for example you can create ingest only API tokens or read only users.

OpenMeter supports fine grained access control for the following resources: