Roles and permissions

To give users access to projects and services in your organizations, you grant them permissions and roles:

  • Permissions: Actions that a principal can perform on a resource or group of resources.
  • Roles: Sets of permissions that you can assign to a principal.

Principals are organization users, application users, and groups. You can grant access to principals at the project level.

To grant access to resources at the organization level, you can make organization users super admins. Limit the number of users with this role, as it gives unrestricted access to all organization resources, including billing, admin, and all projects and services.

Project roles

You can grant the following roles for projects to principals.

Console name | API name | Permissions

Admin | admin
  • Full access to the project and all of its services.

Developer | developer
  • Create databases.
  • View connection information.
  • Remove Aiven for OpenSearch® indexes.
  • Create and change Aiven for Apache Kafka® topics.
  • Create and change Aiven for PostgreSQL® connection pools.
  • Create and change service database users.

Operator | operator
  • View project audit log.
  • View project permissions.
  • Full access to all services in the project and their configuration.

Read only | read_only
  • View all services and their configuration.

Project admins do not have access to organization settings such as billing unless they are also super admins.

Project and service permissions

Important: Permissions are not yet fully supported in the Aiven Console. They are intended for use with the Aiven API, Aiven Provider for Terraform, and Aiven Operator for Kubernetes.

You can grant the following permissions to principals. The actions listed for each permission apply to the project and all services within it.

Console name | API name | Allowed actions

View project audit log | project:audit_logs:read
  • View the log for the project.
  • View all services in the project.

View project integrations | project:integrations:read
  • View all integration endpoints for a project.

View project networking | project:networking:read
  • View all project VPCs.

Manage project networking | project:networking:write
  • Add, edit, and remove project VPCs.

View project permissions | project:permissions:read
  • View all users granted permissions to a project.

View services | project:services:read
  • View all details for services in a project, except the service logs.

View service logs | service:logs:read
  • View logs for all services in the project.
  Service logs may contain sensitive information.
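
An access review over the role and permission names above, as an added example that is not Aiven's own code. It reads a constructed list of (principal, project, grant) tuples, which is an assumed export format rather than an Aiven API response, and flags broad or sensitive grants that lack approval, permissions made redundant by the admin role (an assumption drawn from that role's "full access" description), and names that are not listed on this page.

```python
from collections import defaultdict

# API names copied from the role and permission tables on this page.
ROLES = {"admin", "developer", "operator", "read_only"}
PERMISSIONS = {
    "project:audit_logs:read", "project:integrations:read",
    "project:networking:read", "project:networking:write",
    "project:permissions:read", "project:services:read", "service:logs:read",
}
# Grants that should have a named approver; reasons use the page's wording.
REVIEW = {
    "admin": "full access to the project and all of its services",
    "operator": "full access to all services in the project and their configuration",
    "project:networking:write": "can add, edit, and remove project VPCs",
    "service:logs:read": "service logs may contain sensitive information",
}

def review(grants, approved=frozenset()):
    """Return sorted (kind, principal, project, grant, reason) findings.

    grants:   iterable of (principal, project, grant) tuples (constructed format).
    approved: set of such tuples that already passed an access review.
    """
    held = defaultdict(set)
    for principal, project, grant in grants:
        held[(principal, project)].add(grant)
    findings = []
    for (principal, project), names in held.items():
        for grant in names:
            if grant not in ROLES | PERMISSIONS:
                kind, reason = "unknown", "not a role or permission listed on the page"
            elif grant in PERMISSIONS and "admin" in names:
                # Assumption: admin's "full access" covers every listed permission.
                kind, reason = "redundant", "already covered by the admin role"
            elif grant in REVIEW and (principal, project, grant) not in approved:
                kind, reason = "review", REVIEW[grant]
            else:
                continue
            findings.append((kind, principal, project, grant, reason))
    return sorted(findings)

# Constructed sample data, not output from any Aiven tool.
SAMPLE_GRANTS = [
    ("alice@example.com", "prod", "admin"),
    ("alice@example.com", "prod", "service:logs:read"),
    ("ci-bot", "prod", "developer"),
    ("sre-group", "prod", "operator"),
    ("bob@example.com", "prod", "service:logs:read"),
    ("bob@example.com", "dev", "project:service:read"),  # misspelled name
]
SAMPLE_APPROVED = {("sre-group", "prod", "operator")}
```

Calling review(SAMPLE_GRANTS, SAMPLE_APPROVED) returns four findings: one redundant grant, two grants needing review, and one unknown name.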