Sign inTry Free

Role-Based Access Control (RBAC) for SingleStore Aura

On this page

Note

This is a Preview feature.

SingleStore Aura supports Role-Based Access Control (RBAC), which allows administrators to assign granular permissions at multiple levels. This ensures that users and teams have only the access they need to develop, deploy, and manage Aura applications such as Cloud Functions, Dashboard Apps, and Scheduled Jobs.

Refer to Role-Based Access Control (RBAC) for SingleStore Helios for more information on RBAC in SingleStore Helios.

Benefits of RBAC in SingleStore Aura

  • Operational Efficiency: You can onboard or offboard users efficiently and modify their access based on role changes.

  • Secure Collaboration: RBAC ensures that users access only the resources they need. For example, data scientists can build applications, while analysts can view them without making changes.

  • Compliance-Ready: Role-to-resource mappings and access logs simplify audit processes and help meet regulatory requirements.

  • Orphaned Resource Prevention: When users leave, RBAC helps prevent lost or unmanaged assets by enabling easy transfer of ownership.

Predefined Roles for Aura App Resource

Role

Description

Permission

Owner

Owners are granted full access including the ability to manage access, operate, delete, monitor and use the Aura App.

  • Control Access

  • Create API Keys

  • Delete

  • Revoke API Keys

  • Update

  • Use

User

Users are granted access to only use Aura App and create Aura API keys.

  • Create API Keys

  • Use

How to Use RBAC in SingleStore Aura

Aura App users can enforce RBAC in SingleStore Aura using both the Cloud Portal and Management API.

Using Cloud Portal

To use RBAC in the Cloud Portal, perform the following steps:

  1. Under the Develop section, navigate to an Aura App.

  2. Select the three dots under the Actions column next to your Aura App instance, and then select Share.

  3. From the list, select User or Team to share the Aura App with.

  4. In the Access list, select the desired role next to the selected user or team.

  5. To remove access for a user or team, select Remove Access in the Access list.

Using Management API

Use the Users (/v1/users endpoint) and Teams path (/v1/teams endpoint) in the Management API to use RBAC in SingleStore Aura. Refer to Management API Reference for more information.

Last modified: August 18, 2025

Was this article helpful?

On this page

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK