DigitalOcean

Help secure your infrastructure with robust identity and access management

With the help of identity and access management tools, help ensure only authorized users can access your critical resources, simplify operational processes, and support compliance.

Get started

Granularize Role-Based Access Control (RBAC) Management with new predefined roles

With new predefined roles in the DigitalOcean cloud console, enhance your RBAC management while continuing to easily control cloud resource permissions.

Read more in our blog announcement

Safeguard your cloud resources

Enhance security with permission and access management

Grant access to certain resources only to authorized individuals, helping to reduce the risk of unauthorized access and helping to protect against security breaches.

Improve compliance to help meet regulatory requirements

Leverage identity access management tools to enforce policies that help to meet regulatory requirements and support compliance with industry standards regarding data protection and privacy.

Ramp up efficiency with streamlined operational processes

Streamline processes such as user provisioning, access requests, and access revocation to help reduce administrative overhead and improve overall operational efficiency.

Secure workflows with custom scopes for API tokens and OAuth applications

Create personal access tokens that grant only necessary permissions, helping to support optimal security and compliance by defining specific actions each token can perform.

Check out our product documentation

Improved security

Specifying explicit permissions on an API token helps prevent unwanted actions on resources and limits the damage an unintended operation can do.

Tighter user access

Move away from globally scoped, super admin tokens and embrace the principle of least privilege access.

Grant more specific permissions with API Personal Access Tokens

Help secure your workflows by granting specific tokens only the necessary permissions and restricting access to other resources and actions.

Explore our custom scope product documentation

Take a closer look at our look API documentation for custom scopes for API tokens and OAuth applications.

Learn more

Manage cloud resource permissions with Role-Based Access Control

With the introduction of predefined roles, easily manage who has access to your cloud resources, what resources they have access to, and how they can engage with these resources.

Read our product documentation

Reduced risk of security breach

RBAC helps to ensure that users only have access to the information and resources necessary for their role, decreasing the risk of unauthorized access and potential security breaches. By restricting access based on roles, organizations can better protect sensitive data.

Improved compliance and auditability

By providing clear, manageable, and auditable access controls, RBAC helps organizations meet regulatory requirements more effectively. This simplifies the process of demonstrating compliance with industry standards and regulations during audits.

Simplified access management

RBAC streamlines the process of assigning and managing user permissions, reducing the administrative burden on IT departments. By defining roles and assigning users to these roles, organizations can quickly and efficiently manage access rights, leading to improved productivity and reduced errors.

Resources hub

Dive into the details

Explore our product documentation to read up on features, team roles, and possible modifications to your roles.

Go to RBAC product docs

World-class support

Superior support services are designed to meet your needs, whether you are a startup, an independent software vendor (ISV), or anything in between.

Get help

Frequently asked questions

What is Role-Based Access Control Management?

Role-Based Access Control Management is a method of controlling access to systems and resources by assigning permissions based on user's roles within an organization, aligning access with job functions and responsibilities.

What is a predefined role in role-based access control management?

A predefined role is a set of permissions that defines what actions users can or cannot perform.

What roles are available today within the DigitalOcean cloud console?
The following roles are now available:
  1. Owner: The Owner role grants full administrative control over an entire team and its resources.
  2. Member: The Member role grants full administrative control over the resources within a team, but does not not permit access to billing details or team settings.
  3. Modifier: The Modifier role permits users to update but does not allow them to delete resources. This role is ideal for teams who wish to protect sensitive resources from deletion while still allowing members to manage them.
  4. Biller: The Biller role grants full administrative control over billing related information and does not allow control over team settings.
  5. Billing Viewer: The Billing Viewer role permits read-only access to billing information only, giving users insight into billing details for cost analysis, transparency and governance without exposing sensitive operational controls.
  6. Resource Viewer: The Viewer role permits read-only access to resources, ideal for audit or compliance purposes. Users with this role will not have permission to create, update, or delete resources.
When should I use predefined roles?
DigitalOcean recommends always enforcing the principle of least privilege wherever, and as often, as possible. Predefined roles are recommended for all customers to use and deploy based on the operational requirements of their team.
What are the ideal use cases for predefined roles?
Predefined roles are a simple way to enforce the desired level of privilege for users based on their functional roles within the team. It is a helpful, simple alternative to having to customize Custom Scopes for API Tokens usage. Additionally, panel-only users will welcome predefined roles given its availability in the DigitalOcean Cloud Control Panel.
Can I create new roles or edit existing roles?

Creating and editing roles is not currently supported but it is something that we are aware of and building towards by way of custom roles. Offering these predefined roles is the first step in this journey.

How do I apply roles through the Console and the API?
In the DigitalOcean Control Panel, you can manage team roles in Settings. From this tab, you can update a member's role or invite new members with specific roles through a straightforward, guided experience. Previously, Team Management has not had a supported Public API. With the introduction of RBAC, DigitalOcean has included new Team Management API's to manage users and roles. Please see the DigitalOcean API Reference.
Will this capability be API-only? Or is it available in the Cloud Control Panel UI?

No. Predefined roles for RBAC are available in the Cloud Control Panel. This feature will accommodate panel-only users. It should also be available to larger, more sophisticated users of the DigitalOcean API to also use predefined roles. There is no configuration disparity between the product experiences whether a user is a panel or an API user.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2024 DigitalOcean, LLC.Sitemap.