15 Apr 2024 Β· Semaphore News

    Announcing RBAC Enhancements – Project Roles and Groups

    3 min read

    We’re rolling out updates to Semaphore’s Role-Based Access Control (RBAC) that add project-specific roles, user groups, and the option to include external collaborators who aren’t on GitHub or Bitbucket.

    Previous RBAC Setup

    Previously, Semaphore synced directly with GitHub and Bitbucket. If you were part of an organization or any projects on these platforms, you automatically had access to all its projects on Semaphore with the same level of permissions. This setup didn’t allow for different access levels; if you had access, you had full control.

    New RBAC Setup

    πŸ—‚οΈ Project Roles and User Groups

    Now, you can assign specific roles at the project level, such as Reader, Contributor and Admin:

    • Reader: Readers can access the project page, view workflows, their results, and job logs. However, they cannot make any modifications within the project.
    • Contributor: Can view, rerun, change workflows and ssh into jobs. Can promote and view insights, schedulers, etc.
    • Admin: Admins have the authority to modify any setting within the projects, including the ability to add new individuals, remove them, or even delete the entire project.

    This means you can set up access based on what team members need to do, like giving deployment permissions to team leads or read-only access to CFOs for billing info.

    Changing role on project.

    User groups let you organize team members into categories and manage their permissions collectively at the project level. This setup allows you to apply access controls to groups instead of individual users. It’s practical for larger teams or projects where similar roles need consistent access, helping you maintain a clean permission structure throughout your project.

    Adding groups to project.

    πŸ‘₯ Adding External Collaborators

    A key update is the ability to add users to projects even if they aren’t part of your GitHub or Bitbucket organizations. This is great if you want to give your CFO read only access to billing or assign engineering managers the ability to oversee deployments.

    πŸ”„ Continued Integration with GitHub

    We’re still syncing permissions with GitHub and Bitbucket. You can keep using Semaphore as you always have while taking advantage of these new features.

    Why This Matters

    With these updates, you can better control who accesses your projects and what they can do and you can also organize them in groups.

    This is particularly useful for larger teams or when roles vary widely across different projects.


    πŸš€πŸ”§ These updates to Semaphore’s RBAC make it easier to manage who can access and control your projects. They help you improve security by allowing more precise access settings.

    Check out these new features by signing up or upgrading your Semaphore plan and check our πŸ“š documentation.

    Follow our YouTube πŸŽ₯ channel for future videos and join our Discord πŸ“’ to give us feedback and suggestions!

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Bostjan Cigan
    Writen by:
    A Senior Engineer with a passion for community building and knowledge sharing.