• HOME
  • INTEGRATIONS
  • SDKS
  • GUIDES
  • API DOCS
No results for ""
EXPAND ALL
CLOSE
launchdarkly.com

EDIT ON GITHUB

Custom roles

Read time: 1 minute
Last edited: Apr 30, 2020
This feature requires an Enterprise plan

Custom roles are only available to customers on our Enterprise plans. To learn more about Enterprise plans, contact Support or your LaunchDarkly account representative.

Overview

This topic explains what custom roles are and how to create them.

Custom roles give you fine-grained access control to everything in LaunchDarkly, from feature flags to metrics, environments, and teams. With custom roles, it's possible to enforce access policies that meet your exact workflow needs.

Concepts

LaunchDarkly's role-based permission system provides global access control levels for team members based on a set of built-in roles. The built-in roles are:

  • reader
  • writer
  • admin / owner

If you're on an enterprise plan, you can also create flexible policies that cut across your entire project called custom roles.

With custom roles, you can:

  • Restrict view access for a project to a group of members. This has the effect of locking the project to only the members you specify. If a member cannot view a project, they cannot modify or configure any of the resources within it, including feature flags.

  • Lock your production environment down to a small set of trusted users

  • Differentiate infrastructure-level feature flags (controlled by your devOps team) from experiments (controlled by product management or marketing)

  • Allow team members to control feature flags on environments that are designated for their team only

Our custom role system is inspired by AWS Identity and Access Management (IAM), so if you're familiar with IAM, you'll see a few similarities.

Using custom roles

Implementing custom roles is a three step process. You must create the role itself, define actions that role can and cannot take by writing a policy, and finally give the role to one or more users.

To implement a custom role:

  1. Create a custom role
  2. Create one or more policies for that custom role
  3. Give one or more users that custom role

To learn more, read Configuring custom roles.

Custom roles are extremely configurable. The other topics in this section give more details about writing custom roles and the policies that power them.

To learn more about configuring custom roles, read the following topics: