Users, Roles, and Permissions

Users are the people who sign in to your instance, and roles determine what they can do. This page covers inviting users, the common roles, and keeping access tidy over time.

Inviting users

  1. Sign in as an administrator and open the users area.
  2. Invite a user by email, or, if SSO is enabled, let them sign in through your identity provider.
  3. Assign an appropriate role at the time of invitation.
  4. Confirm the invitation is delivered; this relies on email being configured.

Common roles

  • Administrators can manage the instance, its settings, and its users, and can edit the map.
  • Members can find their way around the map and contribute entities and relationships.
  • Read-only or viewer access, where available, lets people search and browse without making changes.

The exact set of roles depends on your version and plan. Group-based access control, where roles are driven by identity-provider groups, is available on plans that include it; see the Authentication and SSO page for how to map groups to roles.

Assigning and changing roles

  1. Open the user in the users area.
  2. Set the role that matches what they need to do.
  3. Prefer the least access that still lets someone do their job.
  4. Save the change.

Keeping access tidy

  • Review the user list periodically and remove people who have left.
  • Keep the number of administrators small.
  • When someone changes teams, revisit both their role and any ownership assigned to them.

Screenshot: the users area with a user selected and their role being changed.