Introducing Predefined Roles: Strengthen Your Role-Based Access Control (RBAC) With Three New Roles

Today, we’re excited to announce the progressive rollout of three new predefined roles for DigitalOcean’s Role-Based Access Control (RBAC) offering. Now available in the DigitalOcean cloud console, these three roles will help you to enhance your infrastructure security, granularize control over DigitalOcean resources, and help reduce the risk of exposure.

Please note, that to help ensure users can confidently manage team member permissions without disruptions as they start using predefined roles, we’re gradually rolling out this new feature to eventually reach all customers.

Without sufficient Identity Access Management (IAM) and Role-Based Access Control (RBAC), your organization may face several challenges related to security, inefficiencies, and manual administration of user permissions. For example, your organization could encounter any or all of the following challenges:

• Employees have excessive access privileges, leading to potential security risks, vulnerabilities, and exposures.

• When team members change roles or departments, updating their access rights is a manual and error-prone process.

• As your organization grows, delayed access provisioning can frustrate users, cause downtime, and impact security.

This is where DigitalOcean’s new predefined roles come in. In addition to the existing roles of Owner, Member, and Biller, DigitalOcean now offers three new roles in our cloud console:

1. Modifier: Permits users to update but does not allow them to delete resources. This role is ideal for teams who wish to protect sensitive resources from deletion while still allowing members to manage them.

2. Billing viewer: Permits read-only access to billing information only, giving users insight into billing details for cost analysis, transparency, and governance without exposing sensitive operational controls

3. Resource viewer: Permits read-only access to resources, ideal for audit or compliance purposes. Users with this role will not have permission to create, update, or delete resources.

With these new roles, customers can further granularize their Role-Based Access Control by specifying which employees have access to certain DigitalOcean resources, what they can do with those resources, and what areas they have access to. These new predefined roles give your overall Identity Access Management and Role-Based Access Control protocols a wealth of benefits:

1. Enhanced security: RBAC helps to protect against unauthorized access and potential security breaches by helping to ensure that only verified users can access sensitive resources, resulting in enhanced security.

2. Operational efficiency: Leverage RBAC to streamline user provisioning and de-provisioning, helping to reduce the manual workload for IT administrative staff and minimizing human errors.

3. Improved compliance: Organizations can use RBAC as a tool to better meet regulatory requirements. This allows for easy setup and demonstration of who has access to which resources, aiding in compliance reporting, and helping to reduce the risk of non-compliance penalties.

4. Cost savings: RBAC helps to lower administrative overhead by automating user management tasks and reducing the need for IT support. IAM can also help to minimize the financial impact of security breaches and compliance violations through enhanced security measures.

5. Role adaptability: With RBAC, organizations can easily adapt to organizational changes, allowing for quick adjustments to roles and permissions as job functions evolve. It also allows for more granular control over who can access specific resources and perform specific actions, providing flexibility to meet diverse needs.

6. Simplified administration. Managing user access is more streamlined with RBAC. Instead of adjusting permissions for each user individually, administrators can simply assign or modify roles, helping to save time and reducing the likelihood of errors.

Invite a team member and change their role with just a couple clicks

Inviting people and users to your team is incredibly simple, and done in the cloud console. We’ve put together a quick demonstration for you on YouTube, which you can check out here:

If you prefer to read the instructions, we got you covered. To invite more people to the team, click the Invite Team Members button from Settings. In the Invite team members experience, you are now able to also select the role to assign the invited team member. Enter the email addresses of the people you want to invite and their associated role, then click Send Invites to send an invitation email.

When someone has not accepted their invitation to the team, the Status column lists them as pending. The “…” menu for pending team members has two options:

• Resend email sends the invitation to join the team again.

• Cancel invite revokes the invitation to join the team.

Once you have all of your team members, you can also easily change their role. After the user accepts their invitation to the team, the Status column lists them as “joined.” The “…” menu for joined team members has two options:

• Change roles lets you change the member’s team role. With new predefined roles, you can now change their role to a Owner, Member, Biller, Modifier, Resource viewer, or Billing viewer.

• Remove member removes the member from the team, which removes their control panel and API access.

Get started with DigitalOcean Predefined Roles and Role-Based Access Control

• Start building with DigitalOcean today by signing up for a cloud account.

• View our RBAC product documentation to learn more about the new roles.

• Learn more about the power of RBAC and other Identity and Access Management tools.

• Contact our sales team or connect with a DigitalOcean partner who can help advise you on migration, architecture reviews, deployments, and other infrastructure assistance.