User authorization and roles
Deeploy offers various levels of authorization. The following tables detail the actions available to each role.
Invite users
As an organization admin, you can invite new members on the Organization page.
When inviting new members, provide the following details. You can modify these at a later stage:
- Email address: the invitation is sent to this address
- First name
- Last name
- Role: User, Governance manager, or Admin
Organization
When you join an organization, you're assigned an Admin, Governance manager, or User role. The organization creator is an admin by default. Each organization must have at least one admin.
| Admin | Governance manager | User | |
|---|---|---|---|
| View organization logs | ✓ | ✓ | |
| Manage control frameworks | ✓ | ✓ | |
| Manage controls | ✓ | ✓ | |
| Manage approval rules | ✓ | ✓ | |
| Manage periodic reviews | ✓ | ✓ | |
| Upload documents | ✓ | ✓ | |
| Change organization name | ✓ | ||
| Invite users | ✓ | ||
| Manage users | ✓ | ||
| Delete organization | ✓ | ||
| Change organization plan | ✓ | ||
| Configure integrations | ✓ | ||
| Create Workspaces | ✓ |
Workspace
Organization admins automatically inherit the Workspace owner role in every Workspace. A Workspace owner can invite members of the organization to the Workspace and assign them the Operator, Reviewer, or Owner role. Governance managers inherit the Workspace reviewer role in every Workspace. Unlike admins, this role can be changed to Workspace operator or Workspace owner.
To add a member to a Workspace, you must first invite them to the organization.
| Workspace owner | Workspace operator | Workspace reviewer | |
|---|---|---|---|
| Manage Workspace members | ✓ | ||
| Edit Workspace settings | ✓ | ||
| Delete the Workspace | ✓ | ||
| Change Deployment owner | ✓ | ||
| Change default Deployment service | ✓ | ||
| Add alert webhooks | ✓ | ✓ | |
| Create Deployments | ✓ | ✓ | |
| Manage Repositories | ✓ | ✓ | |
| Restore Deployments | ✓ | ✓ | |
| Manage use cases | ✓ | ✓ | |
| Manage credentials | ✓ | ✓ | |
| Bulk onboard Databricks serving endpoints | ✓ | ✓ | |
| Manage guardrails | ✓ | ✓ | |
| Manage environment variables | ✓ | ✓ | |
| Manage job schedules | ✓ | ✓ | |
| Manage documentation templates | ✓ | ✓ | ✓ |
| View the Workspace | ✓ | ✓ | ✓ |
| Test Deployments | ✓ | ✓ | ✓ |
| Edit Deployment documentation | ✓ | ✓ | ✓ |
Deployment
Every Deployment has a single owner. By default, this is the account that created the Deployment. To change the Deployment owner, go to the Details page, select a different owner, and select Save.
Workspace owners can change the owner of any Deployment in their Workspace.
| Deployment owner | Other | |
|---|---|---|
| Edit Deployment details | ✓ | |
| Change Deployment owner | ✓ | |
| Update Deployments | ✓ | |
| Delete Deployments | ✓ | |
| Restore Deployments | ✓ | |
| Manage Deployment tokens | ✓ | |
| Manage Deployment alert rules | ✓ | |
| View Deployment events | ✓ | |
| Test a Deployment (predict + explain) | ✓ | ✓ |
| Test a Deployment (actual + evaluation) | ✓ |
Use case
A use case can have multiple owners. Workspace members can upload evidence for controls, upload documentation, or create Deployments linked to the use case. Owners can complete controls, change the lifecycle stage, and perform periodic reviews.
| Use case owner | Other | |
|---|---|---|
| Edit use case details | ✓ | ✓ |
| Change use case owner | ✓ | ✓ |
| Risk classification assessment | ✓ | ✓ |
| Delete use cases | ✓ | ✓ |
| Upload documentation | ✓ | ✓ |
| Fill in documentation template | ✓ | ✓ |
| Add use case control evidence | ✓ | ✓ |
| Request control status change | ✓ | |
| Change control status | ✓ | |
| Change lifecycle stage | ✓ | |
| Complete periodic review | ✓ |