Skip to main content
Roles are collections of permissions that define what actions users can perform. Assign roles to users directly or through groups.

System vs Custom Roles

  • System Roles: Pre-defined by ShiftLabs. Cannot be modified or deleted.
  • Custom Roles: Created by your organization. Fully customizable.

How to Create a Custom Role

1

Open Create Panel

Go to Access Management → Roles and click Create Role.
2

Enter Role Details

  • Role Key (required): Unique identifier (lowercase, dashes allowed). Cannot be changed later.
  • Display Name (required): Friendly name shown in the UI.
  • Description (optional): Explain the role’s purpose.
3

Select Permissions

Click the Permissions tab. The tree shows:
  • Services (e.g., KodeInfra, IAM, CI/CD)
    • Resources (e.g., Cluster, Pipeline)
      • Permissions (e.g., Read, Write, Delete)
Check a service to select all its permissions, or expand to pick individual ones.
4

Save

Click Create Role. The role is now available to assign.

How to Edit a Role

1

Open Role

Go to Access Management → Roles and click on the role.
2

Modify Details or Permissions

  • Details tab: Update display name or description
  • Permissions tab: Check/uncheck permissions
3

Save

Click Save Details or Save Permissions.
System roles cannot be edited. Create a custom role with similar permissions instead.

How to Delete a Role

1

Open Role

Go to Access Management → Roles and click on the custom role.
2

Delete

Scroll to Danger Zone and click Delete.
3

Confirm

Confirm the deletion. All users and groups with this role will lose its permissions.
System roles cannot be deleted.

How to Assign Roles

To a user:
  1. Go to Access Management → Users → click user → Roles tab
  2. Check the roles to assign
  3. Click Save Changes
To a group:
  1. Go to Access Management → Groups → click group → Roles tab
  2. Check the roles to assign
  3. Click Save Changes
All group members inherit the roles immediately.
Prefer assigning roles to groups rather than individual users for easier management.

Troubleshooting

It’s likely a System Role (indicated by lock icon). System roles cannot be modified. Create a custom role instead.
  1. Check if the correct role is assigned (directly or via group)
  2. Verify the role includes the required permissions
  3. Remember: permissions combine from all roles
Keys must be unique. Try: developer-2, k8s-admin-team-a, custom-viewer

FAQ

Yes. Permissions from all roles are combined.
All users and groups lose that role’s permissions immediately.
No. The key is permanent. You can change the display name anytime.
Yes. Permission changes take effect immediately for all affected users.
Permissions are combined (union). No conflict—users get all permissions from all their roles.