Skip to main content

Manage permissions

You can grant organization users, application users, and groups access at the organization, organizational unit, and project level through roles and permissions.

If you don't grant any roles or permissions to an organization user, they have the default access level to the organization.

important

When you remove permissions from a user or group, service credentials are not changed. Users can still directly access services if they know the service credentials. To prevent this type of access, reset all service passwords.

Organization and organizational unit permissions

Grant permissions at the organization level for access to all organizational units and projects in the organization. Grant permissions at the organizational unit level to give users access to all projects in that unit.

Grant organization or unit permissions to a user or group

  1. In the organization, click Admin.

  2. Click Permissions.

  3. Click Grant permissions and select Grant to users or Grant to groups.

  4. Select the users or groups to grant permissions to.

  5. In Resource, choose an organization or organizational unit.

  6. Select the roles and permissions to grant.

  7. Click Grant permissions.

Change organization or unit permissions for a user or group

You can change the permissions granted at the organization or organizational unit level for a user or group. In the Aiven Console, you cannot change the resource for existing permissions. To change the resource, remove the existing permissions and grant the permissions for the other resource.

  1. In the organization, click Admin.

  2. Click Permissions.

  3. For the user or group click Actions > Edit permissions.

  4. Add or remove permissions and click Save changes.

Remove all organization or unit-level roles and permissions

You can remove all permissions that you granted to a user or group at the organization or organizational unit level.

To remove all organization and unit permissions for a user or group:

  1. In the organization, click Admin.

  2. Click Permissions.

  3. For the user or group click Actions > Remove.

Make users super admin

The super admin role is a special role that has unrestricted access to an organization and all its resources and settings.

You cannot make application users super admin.

important

This role should be limited to as few users as possible for organization setup and emergency use. For daily administrative tasks, assign users the organization admin role instead. Aiven also highly recommends enabling two-factor authentication for super admin.

  1. In the organization, click Admin.
  2. Click Users.
  3. Find the user and click Actions > Make super admin.

To revoke super admin privileges for a user, follow the same steps and select Revoke super admin.

Project permissions

You can give users access to a specific project by granting them roles and permissions at the project level.

Grant project permissions to a user or group

  1. In the project, click Permissions.

  2. Click Grant permissions and select Grant to users or Grant to groups.

  3. Select the users or groups to add to the project.

  4. Select the roles and permissions to grant.

  5. Click Grant permissions.

Change permissions for a user or group

  1. In the project, click Permissions.

  2. For the user or group click Actions > Edit permissions.

  3. Add or remove permissions and click Save changes.

Remove all project-level roles and permissions

To remove all permissions to a project:

  1. In the project, click Permissions.

  2. For the user or group click Actions > Remove.