Roles and permissions

Enkryptify uses role-based access control (RBAC) to determine what each workspace member can do. Every member is assigned a role, and optionally a scope that restricts which teams, projects and environments they can access.

Roles

There are three roles, each with a fixed set of permissions:

Admin

Full control over the workspace. Admins can manage members, teams, projects, secrets and workspace settings.

Developer

Can manage secrets but cannot change workspace settings, manage members or modify teams and projects. Developers have full read and write access to secrets within their scope.

Member

Read-only access. Members can view teams, projects and secrets but cannot create, update or delete anything.

Permissions table

Resource	Admin	Developer	Member
Workspace	Full access	Read	Read
Members	Full access	No access	No access
Teams	Full access	Read	Read
Projects	Full access	Read	Read
Secrets	Full access	Full access	Read
Syncs	Full access	No access	No access

Scope

Roles define what a member can do. Scope defines where they can do it. By default, members have access to all teams, projects and environments in the workspace. You can restrict this by assigning a scope that limits access to specific teams, projects or environments. See Scoped Access for details on how scoping works.

Getting Started

Platform

Access Control

Security

Self-Hosting

Resources

Roles

Admin

Developer

Member

Permissions table

Scope

Getting Started

Platform

Access Control

Security

Self-Hosting

Resources

​Roles

​Admin

​Developer

​Member

​Permissions table

​Scope

Roles

Admin

Developer

Member

Permissions table

Scope