Access Control (RBAC)
Learn how roles, permissions, and user invitations work in dFlow. Create custom roles, assign access levels, and manage team members securely.
dFlow uses a simple yet powerful Role-Based Access Control (RBAC) system.
It includes one built-in role (Admin) and allows you to create unlimited custom roles based on granular permissions.
This ensures your team members have the right level of access across projects, servers, services, and configuration.
Roles in dFlow
dFlow includes one predefined role:
Admin
The system’s default full-access role.
Admins can:
- manage projects, services, and servers
- modify settings and environment variables
- deploy applications and databases
- manage team members
- create and edit custom roles
Admins are typically organization owners or DevOps engineers.
Custom Roles
Beyond Admin, you can create additional roles that match your workflow.
Examples:
- Developer → deploy & update services, read logs
- Viewer → read-only access
- Project Manager → update settings, no destructive actions
- Contractor → restricted access to specific resources
Custom roles offer full flexibility.
How to Create a Role
- Go to the Teams tab
- Click Create New Role
- Enter a name (Developer, Viewer, etc.)
- Select permissions (Create / Read / Update / Delete per collection)
- Save the role
You can assign this role to any member later.
Permissions in dFlow
Permissions define what actions a role is allowed to perform.
Each collection supports 4 permission types:
- Create → add new items
- Read → view existing items
- Update → modify items
- Delete → remove items
Permission Matrix (Example)
| Collection | Create | Read | Update | Delete |
|---|---|---|---|---|
| projects | ✔ | ✔ | ✔ | ✔ |
| services | ✔ | ✔ | ✔ | ✔ |
| servers | ✖ | ✔ | ✖ | ✖ |
| templates | ✔ | ✔ | ✔ | ✔ |
| roles | ✔ | ✔ | ✔ | ✖ |
| backups | ✔ | ✔ | ✔ | ✖ |
| securityGroups | ✔ | ✔ | ✔ | ✖ |
| sshKeys | ✔ | ✔ | ✔ | ✖ |
| cloudProviderAccounts | ✔ | ✔ | ✔ | ✖ |
| dockerRegistries | ✔ | ✔ | ✔ | ✔ |
| gitProviders | ✔ | ✔ | ✔ | ✔ |
| team | ✖ | ✔ | ✖ | ✖ |
This matrix is only an example; your actual roles may differ depending on the permissions you assign.
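The example matrix above can be reviewed mechanically before a role is assigned. The following is an added example, not dFlow code: it parses the table, answers access questions with default deny, and lists write access on collections that govern access or hold credentials. The `SENSITIVE` set, the function names, and the default-deny behaviour are assumptions of this example, not documented dFlow behaviour.

```python
# Added example (not dFlow code): review the example permission matrix from this page.
MATRIX = """\
| Collection | Create | Read | Update | Delete |
|---|---|---|---|---|
| projects | ✔ | ✔ | ✔ | ✔ |
| services | ✔ | ✔ | ✔ | ✔ |
| servers | ✖ | ✔ | ✖ | ✖ |
| templates | ✔ | ✔ | ✔ | ✔ |
| roles | ✔ | ✔ | ✔ | ✖ |
| backups | ✔ | ✔ | ✔ | ✖ |
| securityGroups | ✔ | ✔ | ✔ | ✖ |
| sshKeys | ✔ | ✔ | ✔ | ✖ |
| cloudProviderAccounts | ✔ | ✔ | ✔ | ✖ |
| dockerRegistries | ✔ | ✔ | ✔ | ✔ |
| gitProviders | ✔ | ✔ | ✔ | ✔ |
| team | ✖ | ✔ | ✖ | ✖ |
"""

ACTIONS = ("create", "read", "update", "delete")
# Assumption: collections where write access can change who has access
# or exposes credentials. Adjust to your own threat model.
SENSITIVE = {"roles", "team", "sshKeys", "cloudProviderAccounts", "securityGroups"}

def parse_matrix(text):
    """Return {collection: set of granted actions} from the markdown table."""
    grants = {}
    for line in text.strip().splitlines()[2:]:  # skip header and separator rows
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        grants[cells[0]] = {a for a, mark in zip(ACTIONS, cells[1:]) if mark == "✔"}
    return grants

def is_allowed(grants, collection, action):
    """Default deny: unknown collections and unknown actions are refused."""
    return action in grants.get(collection, set())

def review(grants):
    """List (collection, write actions) for sensitive collections the role can modify."""
    findings = []
    for name in sorted(grants):
        writes = grants[name] - {"read"}
        if name in SENSITIVE and writes:
            findings.append((name, sorted(writes)))
    return findings

if __name__ == "__main__":
    grants = parse_matrix(MATRIX)
    for name, writes in review(grants):
        print(f"review before assigning: {name} -> {', '.join(writes)}")
```

A role that can create or update `roles` deserves particular attention in such a review, since it may be able to widen its own permissions.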
Inviting Members to Your Workspace
You can invite new users to join your dFlow workspace and assign them the role you created.
How to Invite a User
- Go to the Teams tab
- Enter the user’s email address
- Select a role (Admin or any custom role)
- Click Invite
An invitation email will be sent to the user.
Copy Invitation Link
If the user doesn’t receive the email or you want to send it manually:
- Click Copy Invitation Link
- Share the link manually through Slack, email, or chat
The link works exactly the same as the invitation email.
After the User Accepts
Once they click the invite link:
- They join your workspace immediately
- Their assigned role determines what access they have
- You can modify their role anytime
Summary
- dFlow has one built-in Admin role
- You can create unlimited custom roles
- Permissions allow granular CRUD per collection
- Invites allow quick onboarding with assigned roles
- RBAC ensures secure and controlled workspace access