This guide is applicable to Dagster Cloud.
In this guide, we'll walk you through adding, removing, and assigning user roles to users in Dagster Cloud.
Organization Admin or Admin permissions are required to add or remove users in Dagster Cloud.
Before you start, note that:
Users are managed on a per-deployment basis. Organization Admins are the exception and have access to the entire organization.
For example, if you have two full deployments (prod
and dev
), users who aren't Organization Admins must be added to each deployment to have access.
If using Google for SSO, users must be added in Dagster Cloud before they can log in.
If using a SAML-based solution like Okta, users must be assigned to the Dagster app in the SSO portal to log in. By default, users will be granted Viewer permissions on each deployment. The default role can be adjusted by modifying the sso_default_role
deployment setting.
To add a new user to a deployment:
Sign in to your Dagster Cloud account.
Click the user menu (your icon) > Cloud Settings.
Fill in the following:
For example:
Click + Add.
To remove a user from a deployment:
Note: This won't remove users from other deployments. For example, if a user has been added to both prod
and dev
but only removed in prod
, they'll still be a user in dev
.
With the exception of the Organization Admin role, user roles are set on a per-deployment basis and enforced both in Dagster Cloud and the GraphQL API.
Dagster Cloud currently includes support for four levels of role-based access control:
Viewer | Editor | Admin | Organization Admin | |
---|---|---|---|---|
GENERAL | ||||
Launch, re-execute, terminate, and delete runs of jobs | N | Y | Y | Y |
Start and stop schedules | N | Y | Y | Y |
Start and stop sensors | N | Y | Y | Y |
Wipe assets | N | Y | Y | Y |
Launch and cancel backfills | N | Y | Y | Y |
DEPLOYMENTS | ||||
View deployments | Y | Y | Y | Y |
Modify deployment settings | N | Y | Y | Y |
Create and delete deployments | N | N | N | Y |
CODE LOCATIONS | ||||
View code locations | Y | Y | Y | Y |
Create and remove code locations | N | Y | Y | Y |
Reload code locations and workspaces | N | Y | Y | Y |
AGENT TOKENS | ||||
View agent tokens | N | Y | Y | Y |
Create agent tokens | N | Y | Y | Y |
Edit agent tokens | N | Y | Y | Y |
Revoke agent tokens | N | Y | Y | Y |
USER TOKENS | ||||
View and create own user tokens | N | Y | Y | Y |
List all user tokens | N | N | Y | Y |
Revoke all user tokens | N | N | Y | Y |
USER MANAGEMENT | ||||
View users | N | Y | Y | Y |
Create users | N | Y | Y | Y |
Edit users | N | N | Y | Y |
Remove users | N | N | Y | Y |
WORKSPACE ADMINISTRATION | ||||
Manage alerts | N | Y | Y | Y |
Edit workspace | N | Y | Y | Y |
Administer SAML | N | N | N | Y |
View usage | N | N | N | Y |
Manage billing | N | N | N | Y |