API Monitoring & Testing: Role-Based Access Control

The Role-Based Access Control feature requires a qualifying plan. Please contact Sales to get started.

Role-based access control (RBAC) is a feature for teams that want to control which users can manage, edit, and view specific tests, buckets, and account features.

With RBAC you can:

  • Allow users to have admin access to team features such as RBAC itself, File Uploads, or billing details.
  • Create a group that only has access to Bucket A and B, but not Bucket C.
  • Create separate roles with different levels of access for developers, managers, QA, contractors, etc.


How RBAC Works

RBAC in Runscope has three important elements: groups, roles, and permissions.

Groups

Groups are a way for team administrators to control team members' access to private buckets. For example:

  • You can have a group named "Internal", where team members that are part of that group only have access to Runscope buckets that are related to internal APIs.
  • You can have another group named "Contractors", where team members only have access to a select number of buckets that they're currently working on.

Buckets are set to public by default after they are created, and can be set to private by accessing the bucket's settings.

Users have a one-to-many relationship with groups, so a user can be part of multiple groups at the same time. A user who is part of multiple groups has access to all of the buckets included in any of those groups.

Roles and Permissions

Roles and permissions are a way to organize the level of access each team member can have. For example:

  • A user can have a role of "Developer". That user will have a set of permissions that are related to development tasks, such as creating new tests, viewing tests, editing/modifying tests, deleting tests, etc.
  • Another user can have a role of "Management". That user will have a set of permissions that allows them to view tests, but doesn't allow them to create or edit new tests. They can view the status and health of any API monitors, but won't be able to make changes to current test configurations.

Each team member can only be assigned one role. Each role can have any combination of permissions enabled. The list of permissions is as follows:

List of Permissions

| Name | Description |
|---|---|
| View Tests | View all tests within a bucket |
| Execute Tests | Run or cancel tests within a bucket |
| Modify Tests | Create and edit tests within a bucket |
| Delete Tests | Delete tests within a bucket |
| Share Test Results | Share the results of a test |
| Manage Test Schedules | Add, modify, and delete test schedules within a bucket |
| Export Tests | Export tests within a bucket |
| Modify Shared Environments | Add, modify, and delete shared environments within a bucket |
| Add Buckets | Add new buckets |
| Modify Buckets | Modify bucket settings (change name, delete, etc.) |
| Add Connected Service | Add a connected service |
| Delete Connected Service | Delete a connected service |
| Modify Script Libraries | Modify script libraries |
| Delete Script Libraries | Delete script libraries |
| Gateway Agent Authentication | Authorize to sign in via the Gateway Agent |
| Radar Agent Authentication | Authorize to sign in via the Radar Agent |
| View Team Members | View all members of a team |
| Manage Team Members | Add or delete team members |
| Invite Team Members | Invite members to a team |
| Change Team Name | Change team name |
| View Team Usage | View team usage |
| View Team Groups | View group permissions and membership |
| Modify Team Groups | Modify group permissions and membership |
| View Team Secrets | View the list of all sensitive variables |
| Manage Team Secrets | Create, edit, and delete sensitive variables |
| Manage File Uploads | Upload and delete files |
| View Billing | View billing information for a team |
| Manage Billing | Change billing information for a team |
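
An added example, not Runscope code or a Runscope API: a small Python model of the rules above, useful for reviewing an access plan before configuring it. The team data is constructed, and treating a bucket action as allowed only when the user's role holds the permission and the bucket is visible to the user is an assumption about how groups and roles combine.

```python
from dataclasses import dataclass

@dataclass
class Team:
    private_buckets: set  # buckets switched to private; every other bucket is public
    groups: dict          # group name -> {"buckets": set, "members": set}
    roles: dict           # role name -> set of permission names
    user_role: dict       # user -> exactly one role name

def visible_buckets(team, user, all_buckets):
    """Public buckets plus the union of private buckets from every group the user is in."""
    granted = set()
    for group in team.groups.values():
        if user in group["members"]:
            granted |= group["buckets"]
    return {b for b in all_buckets if b not in team.private_buckets or b in granted}

def is_allowed(team, user, permission, bucket, all_buckets):
    """Assumed rule for bucket-scoped permissions: role holds it AND bucket is visible."""
    role_permissions = team.roles[team.user_role[user]]
    return permission in role_permissions and bucket in visible_buckets(team, user, all_buckets)

def group_managers(team):
    """Users whose role includes Modify Team Groups, i.e. who can change group membership."""
    return sorted(u for u, r in team.user_role.items() if "Modify Team Groups" in team.roles[r])

# Constructed sample team; users, groups and custom role names are hypothetical.
BUCKETS = {"Bucket A", "Bucket B", "Bucket C"}
TEAM = Team(
    private_buckets={"Bucket B", "Bucket C"},
    groups={
        "Internal": {"buckets": {"Bucket B"}, "members": {"dev@example.com", "mgr@example.com"}},
        "Contractors": {"buckets": {"Bucket C"}, "members": {"dev@example.com"}},
    },
    roles={
        "Developer": {"View Tests", "Execute Tests", "Modify Tests", "Delete Tests"},
        "Management": {"View Tests"},
        "Group Manager": {"View Tests", "View Team Groups", "Modify Team Groups"},
    },
    user_role={"dev@example.com": "Developer", "mgr@example.com": "Management",
               "ops@example.com": "Group Manager"},
)

if __name__ == "__main__":
    for user in sorted(TEAM.user_role):
        print(user, sorted(visible_buckets(TEAM, user, BUCKETS)))
    print("can change group membership:", group_managers(TEAM))
```

Because group membership decides who reaches a private bucket, the users returned by group_managers are worth reviewing alongside the group lists themselves.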

How to Create and Manage Groups

Important: only the team admin or users with Team Group permissions will be able to manage groups.

  • After logging in to your Runscope account, click on your profile on the top-right and select Teams & Usage
  • On the left-hand side, click on Team Members under the team that you want to manage
  • Under the Team Groups section, click on Add New
  • Give your group a name and click on Create Group
  • Under the Private Buckets section, use the search box to search for private buckets under your account. Click on Add Bucket to add a bucket to the list
    • Use the checkbox next to each bucket if you want to remove it from the list
  • Under the Members section, add the email address of each team member you want to give access to the buckets in the selected group
  • Click on Save at the top to save any changes you make

How to Create and Manage Roles and Permissions

Creating New Roles

  • After logging in to your Runscope account, click on your profile on the top-right and select Roles & Permissions
  • By default, Runscope creates three roles for every team with the RBAC feature enabled. These are protected roles, and they can't be edited: Administrators, Read-only Members, and User Group
  • To create a new role, click on Add Role at the top
  • Give the role a name and click on Create Role
  • In the new role permissions page, mark the checkbox for each permission you want the new role to have access to
  • Click on Save at the top when you're done

Assigning Roles to Team Members

  • After logging in to your Runscope account, click on your profile on the top-right and select Team Members
  • Under the Team Members section, select the desired role for each user by clicking on the drop-down menu next to their name
