The following section introduces the concepts used to control access to the dbnl platform.
Tokens are used for programmatic access to the dbnl platform.
A personal access token is a token that can be used for programmatic access to the dbnl platform through the SDK.
Tokens are not revocable at this time. Please remember to keep your tokens safe.
A personal access token has the same permissions as the user that created it. See Users and Permissions for more details about permissions.
Token permissions are resolved at use time, not creation time. As such, changing a user's permissions after they have created a personal access token also changes the permissions of that token.
To create a new personal access token, go to ☰ > Personal Access Tokens and click Create Token.
Personal access tokens are implemented using JSON Web Tokens and are not persisted. Tokens cannot be recovered if lost and a new token will need to be created.
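Because these tokens are JSON Web Tokens that cannot be revoked, a useful check is to look for token-shaped strings in notebooks, scripts and configuration before they are committed or shared. The following is an added example, not dbnl code: it finds compact JWTs in text and reports them redacted. The variable name `api_token` and the sample token are constructed for illustration.

```python
import base64
import json
import re

# A compact JWT is three base64url segments joined by dots; its JSON header
# starts with '{"', which encodes to the prefix "eyJ".
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")

def _b64url_json(segment):
    """Decode one base64url segment as a JSON object, or return None."""
    try:
        raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
        obj = json.loads(raw)
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all derive from it
        return None
    return obj if isinstance(obj, dict) else None

def find_jwts(text):
    """Return (line_number, redacted_token) for each JWT found in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in JWT_RE.finditer(line):
            header_b64, payload_b64, _sig = match.group(0).split(".")
            header = _b64url_json(header_b64)
            # Require a JSON header with "alg" and a JSON payload, which
            # filters out other dotted base64-looking strings.
            if header and "alg" in header and _b64url_json(payload_b64) is not None:
                hits.append((lineno, match.group(0)[:12] + "...[redacted]"))
    return hits

def _seg(obj):
    """Encode a dict as an unpadded base64url JSON segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: a fake token with a dummy signature, not a real dbnl token.
SAMPLE_TOKEN = ".".join(
    [_seg({"alg": "HS256", "typ": "JWT"}), _seg({"sub": "user-1"}), "c2lnbmF0dXJl"])
SAMPLE_FILE = f'# notebook cell\napi_token = "{SAMPLE_TOKEN}"\nnote = "eyJunk.aaaa.bbbb"\n'

if __name__ == "__main__":
    for lineno, token in find_jwts(SAMPLE_FILE):
        print(f"line {lineno}: possible JWT {token}")
```
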
Discover how dbnl manages user permissions through a layered system of organization and namespace roles—like org admin, org reader, namespace admin, writer, and reader.
A user is an individual who can log into a dbnl organization.
Permissions are settings that control access to operations on resources within a dbnl organization. Permissions are made up of two components.
Resource: Defines which resource is being controlled by this permission (e.g. projects, users).
Verb: Defines which operations are being controlled by this permission (e.g. read, write).
For example, the projects.read permission controls access to the read operations on the projects resource. It is required to be able to list and view projects.
A role consists of a set of permissions. Assigning a role to a user gives the user all the permissions associated with the role.
Roles can be assigned at the organization or namespace level. Assigning roles at the namespace level allows for giving users granular access to projects and their related data.
An org role is a role that can be assigned to a user within an organization. Org role permissions apply to resources across all namespaces.
There are two default org roles defined in every organization.
The org admin role has read and write permissions for all org level resources, making it possible to perform organization management operations such as creating namespaces and assigning roles to users.
By default, the first user in an org is assigned the org admin role.
The org reader role has read-only permissions to org level resources, making it possible to navigate the organization by listing users and namespaces.
By default, all users are assigned the org reader role.
To assign a user an org role, go to ☰ > Settings > Admin > Users, scroll to the relevant user and select an org role from the dropdown in the Org Role column.
Assigning a user an org role requires having the org admin role.
A namespace role is a role that can be assigned to a user within a namespace. Namespace role permissions only apply to resources defined within the namespace in which the role is assigned.
There are three default namespace roles defined in every organization.
The namespace admin role has read and write permissions for all namespace level resources within a namespace, making it possible to perform namespace management operations such as assigning roles to users within a namespace.
By default, the creator of a namespace is assigned the namespace admin role in that namespace.
The namespace writer role has read and write permissions for all namespace level resources within a namespace, except for those resources and operations related to namespace management, such as namespace role assignments.
By default, all users are assigned the namespace writer role in the default namespace.
The namespace reader role has read-only permissions for all namespace level resources within a namespace.
This is an experimental role that is available through the API, but is not currently fully supported in the UI.
To assign a user a namespace role within a namespace, go to ☰ > Settings > Admin > Namespaces, scroll and click on the relevant namespace and then click + Add User.
Assigning a user a namespace role requires having the org admin role or the namespace admin role in that namespace.
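The layered check described above, together with use-time resolution of token permissions, can be modelled in a few lines. This is an added example, not dbnl's implementation. Only `projects.read` is a permission name taken from this page; the other permission names, the role identifiers and the namespaces `team-a` and `team-b` are assumed placeholders.

```python
# Illustrative role -> permission sets. Only "projects.read" appears in the
# docs; every other permission name here is an assumed placeholder.
ORG_ROLES = {
    "org_admin": {"users.read", "users.write", "namespaces.read",
                  "namespaces.write", "namespace_roles.write"},
    "org_reader": {"users.read", "namespaces.read"},
}
NAMESPACE_ROLES = {
    "namespace_admin": {"projects.read", "projects.write",
                        "namespace_roles.read", "namespace_roles.write"},
    "namespace_writer": {"projects.read", "projects.write"},
    "namespace_reader": {"projects.read"},
}

class Directory:
    """Current role assignments; a token refers to a user, not to permissions."""
    def __init__(self):
        self.org_role = {}  # user -> org role name
        self.ns_role = {}   # (user, namespace) -> namespace role name

    def allowed(self, user, permission, namespace=None):
        # Org role permissions apply across all namespaces.
        if permission in ORG_ROLES.get(self.org_role.get(user), set()):
            return True
        # Namespace role permissions apply only where the role was assigned.
        role = self.ns_role.get((user, namespace))
        return permission in NAMESPACE_ROLES.get(role, set())

    def allowed_with_token(self, token, permission, namespace=None):
        # Resolved at use time: look up the user's roles now, not at issuance.
        return self.allowed(token["user"], permission, namespace)

def issue_token(user):
    return {"user": user}  # stand-in for a JWT; holds no permission snapshot

def demo():
    d = Directory()
    d.org_role["alice"] = "org_reader"
    d.ns_role[("alice", "team-a")] = "namespace_writer"
    token = issue_token("alice")
    before = d.allowed_with_token(token, "projects.write", "team-a")
    other_ns = d.allowed_with_token(token, "projects.read", "team-b")
    d.ns_role[("alice", "team-a")] = "namespace_reader"  # role downgraded
    after = d.allowed_with_token(token, "projects.write", "team-a")
    return before, other_ns, after
```

The same token is accepted for `projects.write` before the downgrade and refused after it, and is never valid in a namespace where the user holds no role.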
Resources in the dbnl platform are organized using organizations and namespaces.
An organization, or org for short, corresponds to a dbnl deployment.
Some resources, such as users, are defined at the organization level. Those resources are sometimes referred to as organization resources or org resources.
A namespace is a unit of isolation within a dbnl organization.
Most resources, including projects and their related resources, are defined at the namespace level. Resources defined within a namespace are only accessible within that namespace, which provides isolation between namespaces.
All organizations include a namespace named default. This namespace cannot be modified or deleted.
By default, users are assigned the namespace reader role in the default namespace.
To switch namespace, use the namespace switcher in the navigation bar.
To create a namespace, go to ☰ > Settings > Admin > Namespaces and click the + Create Namespace button.
Creating a namespace requires having the org admin role.