Engineering
Introducing Granular Permissions: For Fine-Tuning User Access
Gabriella Valdes
Customer Experience
At Aptible, we are committed to building the platform as a service that grows with your company—from start to scale. Today, we’re excited to continue to deliver on that commitment by announcing Granular Permissions, a new and improved permission model which allows fine-tuning User access.
Use Cases
Until now, Aptible had a simple but powerful system: read-only or full write-access to a given Environment. The simplicity of this system for role-based access controls enabled developers to avoid more complex and error-prone IAM systems, like AWS’s. As teams scaled on Aptible, we saw some of the ways this system was too simple for complex use cases. Some examples include:
Providing read-only database access to non-engineers
Providing limited access to basic operations (such as scaling and restarting) to robots
Proving least-privileged access for security & compliance requirements, such as SOC 2
To make Aptible work even better for teams at scale, we’ve introduced Granular Permissions for Custom Roles. When implementing, we recommend considering the following so you can ensure your team has the right level of permissions:
What Environments do the Users in this Role need access to?
What are all the actions the Users in this Role need to perform?
What information or actions should the Users in this Role not have access to?
“We’ve tested and implemented Tunnel Only permissions. This works great for locking down database access by providing tunnel access without sensitive information like database credentials. It gives us much more flexibility in what we can do!” - DevOps Engineer @ Further
Roles
Users are assigned Roles, which define the level of access they have within your Aptible account. There are three types of Roles on Aptible:
Account Owners: Can manage all resources + invite and manage Users and Roles + view all billing details
Aptible Deploy Owners: Can manage all resources + invite and manage Users and Roles
Custom Role: Can perform actions defined by permissions set on a given Role. Note: There is no limit to how many Custom Roles you can create.
TIP: As you scale your team, Custom Roles become more useful for maintaining least-privileged access. Since Roles define which Environments Users have permissions on, we highly recommend using multiple Environments so that access can follow the principle of least privilege.
Learn more about each Role here in our docs.
Permissions
Read Permissions
To give Users read permission to a given Environment, you can assign one of the following permissions:
Basic Visibility: Can read basic information
Full Visibility (formerly Read): Can read basic information + App Configurations
Learn more about each read permission here in our docs.
Write Permissions
To give Users write permission to a given Environment, you can assign the following permissions:
Environment Admin (formerly Write): Can perform any action within the environment (all of the below).
Deployment: Can create and deploy resources
Destruction: Can destroy resources
Ops: Can create and manage Log and Metric Drains, and restart and scale resources.
Sensitive Access: Can see and manage sensitive values such as configuring Apps, viewing Database Credentials, and managing Certificates.
Tunnel: Can tunnel into Databases but cannot see Database Credentials.
TIP: You can also set up monitoring for key security events like Database Tunneling and SSH Sessions. Read more about how we’ve achieved that within our own systems.
Learn more about each write permission here in our docs.
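The permissions above can be written down as data and used to review a Custom Role against the actions its Users actually need. The following is an added example, not Aptible's code or API: the action names, the `ROBOT` role and the environment names are constructed for illustration, and the model assumes Environment Admin covers every listed action.

```python
from itertools import combinations

# Constructed model of the permissions listed above; not Aptible's API.
# Action names are hypothetical labels for the capabilities the post describes.
GRANTS = {
    "Basic Visibility": {"read_basic_info"},
    "Full Visibility": {"read_basic_info", "read_app_configuration"},
    "Deployment": {"create_resource", "deploy_resource"},
    "Destruction": {"destroy_resource"},
    "Ops": {"manage_log_drain", "manage_metric_drain", "restart", "scale"},
    "Sensitive Access": {"configure_app", "view_database_credentials",
                         "manage_certificate"},
    "Tunnel": {"tunnel_database"},
}
# Environment Admin "can perform any action within the environment".
GRANTS["Environment Admin"] = set().union(*GRANTS.values())


def granted(permissions):
    """All actions a list of permissions allows."""
    return set().union(*(GRANTS[p] for p in permissions))


def least_privilege(needed):
    """Permission set covering `needed` that grants the fewest actions."""
    best = None
    for size in range(len(GRANTS) + 1):
        for combo in combinations(sorted(GRANTS), size):
            got = granted(combo)
            if needed <= got:
                key = (len(got), size, combo)
                best = key if best is None or key < best else best
    if best is None:
        raise ValueError(f"no permission grants: {sorted(needed - granted(GRANTS))}")
    return list(best[2])


def review(role, needed):
    """role: {environment: [permissions]}; needed: {environment: {actions}}."""
    report = {}
    for env in sorted(set(role) | set(needed)):
        have, need = granted(role.get(env, [])), needed.get(env, set())
        report[env] = {"missing": sorted(need - have),
                       "excess": sorted(have - need),
                       "suggest": least_privilege(need)}
    return report


# Constructed sample: a robot that only scales and restarts in production.
ROBOT = {"production": ["Environment Admin"], "staging": ["Full Visibility"]}
print(review(ROBOT, {"production": {"restart", "scale"}}))
```

For the sample role, the review suggests Ops in place of Environment Admin on production and no permissions at all on staging.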
Next Steps
To get started using our new permissions, navigate to the Roles tab within the Aptible Dashboard or read our docs.
Want to see a new permission added in the future? Let us know!
For a comprehensive list of what’s next with Aptible, and to request features that would benefit your growing team, visit our roadmap.