Custom RBAC roles¶
Custom role-based access control (RBAC) roles are a solution for organizations with use cases that are not addressed by default roles in DataRobot. System and organization administrators can create roles and define access at a more granular level, and assign them to users and groups. You can access custom RBAC roles from User Settings > User Roles.
The User Roles page lists each available role an admin can assign to a user in their organization, including DataRobot default roles. Before creating a custom role, review the considerations.
Create custom roles¶
To create a new role, click + Add a user role. Enter a name for the role and assign permissions.
DataRobot features are listed on the left, and role access options—read, write, admin, and entity-specific permissions—are listed on the right. Select an object, then select an access level for the object under Permissions.
Manage roles¶
Unlike default DataRobot roles, you can edit and delete any custom role created for an organization from the User Roles page. To determine if a role can be modified, refer to the Custom Role column; default roles display Yes and custom roles display No.
From this page, you can:
| Element | Description | |
|---|---|---|
| 1 | Edit | Select a custom user role to modify its permissions. |
| 2 | Duplicate | Click the duplicate icon and name the new role, then select the role to modify permissions. |
| 3 | Delete | Click the Menu icon and select Delete. If the role is currently assigned to a user, a warning message appears before deleting the role. |
Feature considerations¶
- The RBAC feature flag must be enabled.
- When system administrators create a custom role, the role is enabled system-wide across all organizations. When organization administrators create a custom role, the role is only enabled for that organization.
- The feature flag for custom roles must be enabled system- or org-wide.
- Feature flags cannot be configured through roles.
- Multiple roles cannot be assigned to a user/group/organization at this time.