# Container Services RBAC

> **📝 Note**: This is a Preview feature.

SingleStore Aura supports Role-Based Access Control (RBAC), which allows administrators to assign granular permissions at multiple levels. This ensures that users and teams have only the access they need to develop, deploy, and manage Container services such as Cloud Functions, Dashboard Apps, and Scheduled Jobs.

Refer to [Role-Based Access Control (RBAC) for SingleStore Helios](https://docs.singlestore.com/cloud/security/administration/role-based-access-control-rbac-for-singlestore-helios.md) for more information on RBAC in SingleStore Helios.

## Benefits of RBAC in SingleStore Aura

* **Operational Efficiency**: You can onboard or offboard users efficiently and modify their access based on role changes.
* **Secure Collaboration**: RBAC ensures that users access only the resources they need. For example, data scientists can build applications, while analysts can view them without making changes.
* **Compliance-Ready**: Role-to-resource mappings and access logs simplify audit processes and help meet regulatory requirements.
* **Orphaned Resource Prevention**: When users leave, RBAC helps prevent lost or unmanaged assets by enabling easy transfer of ownership.

## Predefined Roles for Container App Resource

| **Role** | **Description**                                                                                                            | **Permission**                                                                                                                    |
| -------- | -------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
| Owner    | Owners are granted full access including the ability to manage access, operate, delete, monitor and use the Container App. | <ul> <li>Control Access</li> <li>Create API Keys</li> <li>Delete</li> <li>Revoke API Keys</li> <li>Update</li> <li>Use</li> </ul> |
| User     | Users are granted access to only use Container App and create Container App API keys.                                      | <ul> <li>Create API Keys</li> <li>Use</li> </ul>                                                                                  |

## How to Use RBAC in SingleStore Aura

Aura App users can enforce RBAC in SingleStore Aura using both the Cloud Portal and Management API.

## Using Cloud Portal

To use RBAC in the Cloud Portal, perform the following steps:

1. Under the **Container Services** section, navigate to an Aura App.

2. Select the three dots under the **Actions** column next to your Container App instance, and then select **Share**.

3. From the list, select **User** or **Team** to share the Container App with.

4. In the **Access** list, select the desired role next to the selected user or team.

5. To remove access for a user or team, select **Remove Access** in the **Access** list.

## Using Management API

Use the `Users` (`/v1/users` endpoint) and `Teams` path (`/v1/teams` endpoint) in the [Management API](https://docs.singlestore.com/cloud/reference/management-api.md) to use RBAC in SingleStore Aura. Refer to [Management API Reference](https://docs.singlestore.com/cloud/reference/management-api/#section-idm4608309617228834306792661294.md) for more information.

***

Modified at: February 24, 2026

Source: [/cloud/container-services/container-services-rbac/](https://docs.singlestore.com/cloud/container-services/container-services-rbac/)

(An index of the documentation is available at /llms.txt)