How to Use SingleStore Helios RBAC

Organization Level

Inviting New Users

1. Navigate to the Users & Teams option from the Organization menu at the top.

2. Select Add Member.

3. Enter the new user's email address and then select the default team that this member should be invited to. 

4. By default, each user is given the User role.

5. To change or add roles for each user, navigate to Teams, then select the team the user needs to be part of in the organization.

6. Select Edit Team, select the user from the list, and then select Update Team.

Creating a New Team

1. Navigate to the Users &Teams option from the Organization menu at the top.

2. Switch to the Teams tab.

3. Select Create New Team.

4. Add the details for Team Name and Team Description.

5. Select default members in the team.

6. Select Create Team to complete the creation.

Updating the Members of Existing Teams

1. Navigate to the Users & Teams option from the Organization menu at the top.

2. Switch to the Teams tab.

3. Select the ellipsis (three dots) in the Actions column and select View Team. Alternatively, you can directly select the Team Name in the first column.

   • Select Edit Team on the top right.

   • Add or remove existing members of the team as required.

   • Select Update Team to save changes.

Workspace Group Level

Inviting New Users

1. Navigate to Deployments in the left navigation pane.

2. Select the workspace group that you want to invite the user to.

3. Select the User Management tab. 

4. Select Add Members.

5. In the Add Member to Workspace group dialog box, fill in the details.

6. Select User or Team from the list, select a user or the team from the list, and select a role. This applies to the workspace group-level roles that need to be added.

7. Select Add Members to save the changes.

8. You will be able to see the member or team added.

Updating Members in an Existing Workspace Group

1. Navigate to Deployments in the left navigation pane.

2. Select the workspace group from the workspace group list that you want to invite the user to.

3. Select the User Management tab. 

4. Select the ellipsis (three dots) in the Actions column and then select Edit Roles next to the user to change the role of the user. To remove the user’s access from the workspace group completely, select Revoke all Roles.

5. In the Edit Roles, change the role for the user. 

6. Select Update to save the changes.

Enabling RBAC for New and Existing Organizations

RBAC is enabled for all Organizations.

Pre-defined teams are created and granted common roles when RBAC is enabled. These teams include Organization Owners, Organization Billing Administrators, Organization User Administrators, Organization Operators, Organization Writers, and Organization Readers.

For new organizations, the initial users will be added to the Organization Owners team, which grants full access to all user actions. For existing organizations, users will be added to the Organization Owners teams, allowing those users continued access to any user actions. Any user in the Organization Owners team can reassign other users in the team to different teams to limit their access.

New users can be invited to join any team(s). Inviting a new user to join the Organization Owners team immediately grants them access to all resources in the organization. Inviting a new user without specifying a team adds them to the default members team, which makes them a member of the organization, but grants no specific access beyond the ability to login to the portal and navigate to the options available.

When users are added to an organization or a workspace group, synchronization takes place in the engine and they are added to the corresponding user groups in the backend.