Join CircleCI, Incident.io, and Jellyfish in our LIVE discussion: RSVP to save your spot!

Share this
Table of contents
 link
 
Resources
Blog

Unlock New RBAC Powers: Introducing the 'Team Member' Role in OpsLevel

Unlock New RBAC Powers: Introducing the 'Team Member' Role in OpsLevel
Megan Dorcey
|
June 18, 2024
Unlock New RBAC Powers: Introducing the 'Team Member' Role in OpsLevel

At OpsLevel, we're always striving to improve the functionality and flexibility of our Internal Developer Portal (IDP) to meet the evolving needs of engineering teams. We're excited to announce the launch of a new Role-Based Access Control (RBAC) feature: the Team Member role. This addition is designed to enhance team collaboration and streamline service management, all while ensuring robust security and control.

What is the Team Member Role?

The Team Member role in OpsLevel merges ownership information from the catalog into the authorization system. Here's how it works:

  • On a Team That Owns a Service? You can edit it.
  • Not on a Team That Owns a Service? You can’t edit it.

This authorization scheme respects the recursive nature of teams.  If you’re a member of a parent team, you can edit services owned by any child team. For example, if you're a member of the Platform Team, which is a parent team to the API Team, you are able to modify services owned by both the Platform and API teams. However, if you are only a member of the API Team, you can't make changes to services owned by the Platform Team.

This distinction addresses a common Admin concern: preventing "drive-by" edits to services. With the Team Member role, only those who own a service can make changes, ensuring accountability and reducing the risk of unintended (or malicious) modifications.

A quick overview of the roles within OpsLevel—to see all capabilities, check out the docs.

Why is Robust RBAC Important in an IDP?

Role-Based Access Control (RBAC) is essential for maintaining security and operational efficiency. By restricting access based on roles, RBAC ensures that only authorized users can perform specific actions, thereby protecting sensitive information and ensuring compliance with internal and external policies. Additionally, clear role definitions streamline workflows by assigning the right level of access to the appropriate people, reducing bottlenecks and enhancing overall productivity.

According to Gartner, "By 2025, 99% of cloud security failures will be the customer’s fault." Implementing strong RBAC policies is a proactive step in reducing this risk, ensuring that permissions are granted appropriately and actions are traceable.

OpsLevel vs. Competitors

OpsLevel's new Team Member role provides granular control over who can edit services, something our many of our competitors simply don't offer - instead only focusing on broad, admin-level controls. Scoping a team member's activity to only their team's services is crucial for maintaining order and security within large, complex engineering organizations.

Use Cases for the Team Member Role

  1. Service Ownership and Accountability: Teams that own services can edit them, ensuring that only those responsible for a service can make changes, fostering accountability.
  2. Cross-Team Collaboration: Developers from other teams can view services but cannot make changes, preventing accidental modifications and maintaining the integrity of the system.
  3. Streamlined Change Processes: With clear roles and permissions, code changes and fixes, as there’s no confusion over who has the authority to make changes.

Implementing the Team Member Role

Implementing the Team Member role is straightforward. By default, users provisioned through SCIM or SSO will receive the role of Team Member. Admins can modify the default role for their account in the Roles & Permissions section of the OpsLevel platform.

Enhancing our robust RBAC capabilities

The new Team Member role is an added bonus to our existing roles:

  • Admin: Can modify everything within the portal
  • Standards Admin: Can create Scorecards, Rubrics, Checks, and Campaigns
  • User:  Can modify all service and team metadata
  • Team Member: Can only modify the services they own

For more information on setting up and managing roles, please refer to our documentation.

The introduction of the Team Member role is a significant step forward in enhancing the functionality and security of OpsLevel’s IDP. By providing more precise control over who can make changes to services, we’re helping engineering teams work more efficiently and securely.

Ready to see the Team Member role in action? Book a call with our team to get your hands on OpsLevel today.

More resources

Blog
September 5, 2024
by
Megan Dorcey
Introducing Customizable Team Pages: Your New Developer Home Base

Looking for a tailored homepage for your team that focuses only on what matters most? The new Customizable Team Pages in OpsLevel allow you to bring data from your software ecosystem—and tool stack into one single pane of glass.

Blog
August 8, 2024
by
Megan Dorcey
A Service Catalog Doesn't Tell the Whole Story

Getting services cataloged is crucial to gaining visibility into your software ecosystem, but it only tells part of the story. A catalog that only houses services is like having a manual for your car that only has 50% of the motor documented. To be prepared for outages, streamline operations, or reorganize your teams, you need the entirety of your software ecosystem visible in one place.

Blog
June 3, 2024
by
Rebecca Carter
May Release Notes

All of the latest features and updates released in May.

Subscribe
Join our newsletter to stay up to date on features and releases.
By subscribing you agree to with our Privacy Policy and provide consent to receive updates from our company.
SOC 2AICPA SOC
Product
Software catalogMaturityIntegrationsSelf-serviceBook a meeting
Company
About usCareersContact usCustomersPartnersSecurity
Resources
DocsEvents
Blog
Demo
By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Data Processing Agreement for more information.
Okay!