We’re rolling out updates to Semaphore’s Role-Based Access Control (RBAC) that add project-specific roles, user groups, and the option to include external collaborators who aren’t on GitHub or Bitbucket.
Previous RBAC Setup
Previously, Semaphore synced directly with GitHub and Bitbucket. If you were part of an organization or any projects on these platforms, you automatically had access to all its projects on Semaphore with the same level of permissions. This setup didn’t allow for different access levels; if you had access, you had full control.
New RBAC Setup
ποΈ Project Roles and User Groups
Now, you can assign specific roles at the project level, such as Reader, Contributor and Admin:
- Reader: Readers can access the project page, view workflows, their results, and job logs. However, they cannot make any modifications within the project.
- Contributor: Can view, rerun, change workflows and ssh into jobs. Can promote and view insights, schedulers, etc.
- Admin: Admins have the authority to modify any setting within the projects, including the ability to add new individuals, remove them, or even delete the entire project.
This means you can set up access based on what team members need to do, like giving deployment permissions to team leads or read-only access to CFOs for billing info.
User groups let you organize team members into categories and manage their permissions collectively at the project level. This setup allows you to apply access controls to groups instead of individual users. Itβs practical for larger teams or projects where similar roles need consistent access, helping you maintain a clean permission structure throughout your project.
π₯ Adding External Collaborators
A key update is the ability to add users to projects even if they aren’t part of your GitHub or Bitbucket organizations. This is great if you want to give your CFO read only access to billing or assign engineering managers the ability to oversee deployments.
π Continued Integration with GitHub
We’re still syncing permissions with GitHub and Bitbucket. You can keep using Semaphore as you always have while taking advantage of these new features.
Why This Matters
With these updates, you can better control who accesses your projects and what they can do and you can also organize them in groups.
This is particularly useful for larger teams or when roles vary widely across different projects.
Conclusion
ππ§ These updates to Semaphore’s RBAC make it easier to manage who can access and control your projects. They help you improve security by allowing more precise access settings.
Check out these new features by signing up or upgrading your Semaphore plan and check our π documentation.
Follow our YouTube π₯ channel for future videos and join our Discord π’ to give us feedback and suggestions!
