- 18 Feb 2024
- 2 Minutes to read
- DarkLight
User roles
- Updated on 18 Feb 2024
- 2 Minutes to read
- DarkLight
Users are granted access to platform components and actions based on their assigned roles. This is commonly known as role-based access control (RBAC). Torq provides several preconfigured roles: Viewer, Operator, Creator, Contributor, and Owner. Additional roles are available in workspaces that have case management: Cases Viewer and Cases Analyst.
Torq RBAC supports flexible claim-based access control where access can be managed as a policy. Some common access controls include read/write/execute permissions for secrets, integrations, events, workflows, and so on.
RBAC is unique to each Torq workspace. This means that if a user exists on multiple workspaces, their assigned role is defined per workspace.
To manage users and roles, go to Settings > Users.
- You can add custom roles to your workspace. Contact Torq support for more information.
- If case management is available in your workspace, there are additional roles and scopes that apply.
Viewer role
View-only access to Torq.
Permission | Scope |
---|---|
View existing workflows | playbook.get |
List existing workflows | playbook.list |
View activity log data | event.read |
View integration data | integration.read |
View step execution data | step.read |
View existing workspace variables | workspace.variables.read |
Submit Torq interactions | interaction.submit |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
Operator role
Viewer + trigger workflows.
Permission | Scope |
---|---|
View existing workflows | playbook.get |
List existing workflows | playbook.list |
Run workflows | playbook.execute |
View step execution data | step.read |
Run steps | step.execute |
View activity log data | event.read |
View integration data | integration.read |
View existing workspace variables | workspace.variables.read |
Create Torq interactions | interaction.write |
Submit Torq interactions | interaction.submit |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
Creator role
Operator + create and modify workflows and integrations.
Permission | Scope |
---|---|
View existing workflows | playbook.get |
List existing workflows | playbook.list |
Run workflows | playbook.execute |
Create workflows | playbook.write |
View step execution data | step.read |
Add steps to workflows | step.write |
Run steps | step.execute |
View integration data | integration.read |
Create integrations | integration.write |
View personal API keys | apikey.read |
Create personal API keys | apikey.write |
View workspace members list | user.read |
View activity log data | event.read |
Change secret values | secret.write |
View existing workspace variables | workspace.variables.read |
Create workspace variables | workspace.variables.write |
Create Torq interactions | interaction.write |
Submit Torq interactions | interaction.submit |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
View the Cases page (relevant only in workspaces where case management is enabled) | cases.page.view |
Configure case management (relevant only in workspaces where case management is enabled) | case management scopes |
Contributor role
Creator + publish workflows.
Permission | Scope |
---|---|
View existing workflows | playbook.get |
List existing workflows | playbook.list |
Run workflows | playbook.execute |
Create workflows | playbook.write |
View step execution data | step.read |
Add steps to workflows | step.write |
Run steps | step.execute |
Publish workflows | playbook.publish |
View integration data | integration.read |
Create integrations | integration.write |
View personal API keys | apikey.read |
Create personal API keys | apikey.write |
View list of users on the workspace | user.read |
View activity log data | event.read |
Change secret values | secret.write |
View existing workspace variables | workspace.variables.read |
Create workspace variables | workspace.variables.write |
Create Torq interactions | interaction.write |
Submit Torq interactions | interaction.submit |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
View the Cases page (relevant only in workspaces where case management is enabled) | cases.page.view |
Configure case management (relevant only in workspaces where case management is enabled) | case management scopes |
Owner role
Contributor + manage users and SSO.
Permission | Scope |
---|---|
View existing workflows | playbook.get |
List existing workflows | playbook.list |
Run workflows | playbook.execute |
Create workflows | playbook.write |
Publish workflows | playbook.publish |
View step execution data | step.read |
Add steps to workflows | step.write |
Run steps | step.execute |
View integration data | integration.read |
Create integrations | integration.write |
View personal API keys | apikey.read |
Create personal API keys | apikey.write |
View list of users on the workspace | user.read |
Modify user data | user.write |
Create support tickets | support.write |
List audit logs | audit.read |
View activity log data | event.read |
Change secret values | secret.write |
View existing workspace variables | workspace.variables.read |
Create workspace variables | workspace.variables.write |
Modify the organization settings | organizations.read |
View the organization settings | organizations.write |
Modify the workspace settings | accounts.read |
View the workspace settings | accounts.write |
Share resources with other workspaces | resource.share |
Create Torq interactions | interaction.write |
Submit Torq interactions | interaction.submit |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
View the Cases page (relevant only in workspaces where case management is enabled) | cases.page.view |
Configure case management (relevant only in workspaces where case management is enabled) | case management scopes |
Cases Viewer role
View-only access to Torq case management, including cases and observables. Review the scopes assigned to the Cases Viewer role.
Cases Analyst role
Perform actions on cases but not modify case management configurations. Review the scopes assigned to the Cases Analyst role.