|
| 1 | +--- |
| 2 | +title: Control administrative access |
| 3 | +description: Using the role-based authorization feature (RBAC) of CodeRabbit |
| 4 | +--- |
| 5 | + |
| 6 | +CodeRabbit uses role-based authorization control (RBAC) to control which |
| 7 | +administrative features are available to your organization's user accounts. |
| 8 | + |
| 9 | +## Overview of CodeRabbit RBAC {#overview} |
| 10 | + |
| 11 | +Every CodeRabbit account has exactly one CodeRabbit RBAC role for each organization |
| 12 | +that account is associated with. |
| 13 | +For example, if you belong to two GitHub-based organizations that use |
| 14 | +CodeRabbit, then you have one CodeRabbit RBAC role set for each of those two |
| 15 | +organizations. |
| 16 | + |
| 17 | +CodeRabbit RBAC roles determine your ability to read or change various |
| 18 | +billing, account management, and other administrative functions related to |
| 19 | +an organization. The roles are as follows: |
| 20 | + |
| 21 | +- **Admin**: allows full read/write access to all CodeRabbit administrative features. |
| 22 | +- **Member**: allows read-only access to a limited set of administrative settings. This role |
| 23 | + is appropriate for most developers in an organization. |
| 24 | +- **Billing Admin**: allows read/write access to features specific |
| 25 | + to a subscription and billing management, and limited access to other administrative features. |
| 26 | + |
| 27 | +CodeRabbit users with the **Admin** role can modify the RBAC roles of other users in the |
| 28 | +organization. |
| 29 | + |
| 30 | +For a complete list of the administrative functions available to each role, see |
| 31 | +[Role permissions](#permissions). |
| 32 | + |
| 33 | +### RBAC roles and CodeRabbit features {#and-features} |
| 34 | + |
| 35 | +RBAC roles have no effect on using CodeRabbit features, such |
| 36 | +as automated code reviews. In other words, if an organization has a Pro-tier |
| 37 | +CodeRabbit account, then all its users can use Pro-tier features when working |
| 38 | +with that organization's repositories, regardless of their CodeRabbit RBAC roles with |
| 39 | +that organization. |
| 40 | + |
| 41 | +### CodeRabbit roles and Git platform roles {#and-upstream} |
| 42 | + |
| 43 | +Modifying an account's CodeRabbit RBAC role doesn't have any "upstream" |
| 44 | +effect on that account's role or permissions in your organization's Git platorm. |
| 45 | +Similarly, changes to an account's role on your organization's Git platform don't |
| 46 | +affect that account's CodeRabbit RBAC role. |
| 47 | + |
| 48 | +For example, if you have CodeRabbit integrated with a GitHub organization, and you change an account's CodeRabbit role from **Member** to **Admin**, then that account's |
| 49 | +permission or ownership level with your GitHub organization doesn't change as a result. |
| 50 | + |
| 51 | +## Default RBAC roles {#defaults} |
| 52 | + |
| 53 | +CodeRabbit assigns every user in your Git platform organization a default RBAC role, |
| 54 | +using the following metrics: |
| 55 | + |
| 56 | +- If a user has an ownership-level role with the Git platform organization—for example, |
| 57 | + **Admin** on GitHub, or **Owner** on Bitbucket—then that user receives the default |
| 58 | + CodeRabbit RBAC role of **Admin**. |
| 59 | +- Otherwise, the user receives the **Member** RBAC role by default. |
| 60 | + |
| 61 | +You can update a user's role from its default setting by following the steps detailed in the next section. This requires that your own account |
| 62 | +has an **Admin** RBAC role with the organization. |
| 63 | + |
| 64 | +CodeRabbit applies these defaults only when initially setting up RBAC for an |
| 65 | +account within an organization. Subsequent "upstream" role changes don't affect |
| 66 | +an account's CodeRabbit role. |
| 67 | + |
| 68 | +## View or set RBAC roles {#how-to} |
| 69 | + |
| 70 | +You can view and set RBAC roles from the CodeRabbit dashboard, as detailed in the |
| 71 | +following sections. |
| 72 | + |
| 73 | +### View roles {#view-roles} |
| 74 | + |
| 75 | +To view a list of your organization's RBAC role assignments, follow these steps: |
| 76 | + |
| 77 | +1. Go to the [CodeRabbit dashboard](https://app.coderabbit.ai/settings/repositories). |
| 78 | + |
| 79 | +1. At the top of the sidebar, select the organization whose user roles you want to view. |
| 80 | + |
| 81 | +1. On the sidebar, click **Subscription**. |
| 82 | + |
| 83 | +This displays a table of all of the CodeRabbit **Admin** and **Member** accounts associated with the selected |
| 84 | +organization. In this table, the **Role** column displays the CodeRabbit RBAC role for |
| 85 | +each account. |
| 86 | + |
| 87 | +To view a list of accounts with the **Billing Admin** role, click the **Billing Admins** tab located above the table of user accounts. |
| 88 | + |
| 89 | +### Set roles {#set-roles} |
| 90 | + |
| 91 | +:::note |
| 92 | +To modify users' CodeRabbit accounts, your own account must have the **Admin** RBAC role within your organization. |
| 93 | +::: |
| 94 | + |
| 95 | +To change a user account's RBAC role, follow these steps: |
| 96 | + |
| 97 | +1. Go to your organization's list of user accounts, as detailed in the previous section. |
| 98 | + If you have the **Admin** role within this organization, then the **Role** column in the user accounts table contains selectable menus. |
| 99 | + |
| 100 | +1. Click the menu in the user's **Role** column, and select the appropriate role from |
| 101 | + the list. |
| 102 | + |
| 103 | +The only roles you can assign through this method are **Admin** and **Member**. |
| 104 | +You can't grant the **Billing Admin** role to an existing user account. To add an account with the **Billing Admin** role, see the next section. |
| 105 | + |
| 106 | +### Add billing admin accounts {#billing} |
| 107 | + |
| 108 | +To add a CodeRabbit user account with the **Billing Admin** role, follow these steps: |
| 109 | + |
| 110 | +1. Go to your organization's list of user accounts, as detailed in [View roles](#view-roles). |
| 111 | + |
| 112 | +1. Click **Invite Billing Admin**. |
| 113 | + |
| 114 | +1. Enter the name and email address of the billing administrator who you want to invite to the organization. |
| 115 | + |
| 116 | +This sends an email to the address that you specified. After the recipient completes the process of joining your organization in CodeRabbit, then their record appears in the user accounts list, under the **Billing Admins** tab. |
| 117 | + |
| 118 | +## Role permissions {#permissions} |
| 119 | + |
| 120 | +The following table lists the CodeRabbit administative functionality |
| 121 | +available to each of the CodeRabbit RBAC roles. |
| 122 | + |
| 123 | +| Resource | Admin | Member | Billing Admin | |
| 124 | +| ----------------------- | ---------- | --------- | ------------- | |
| 125 | +| Learning Resources | Read/Write | Read-only | No access | |
| 126 | +| Metrics/Dashboard | Read/Write | No access | No access | |
| 127 | +| Reports | Read/Write | Read-only | No access | |
| 128 | +| Integrations | Read/Write | Read-only | No access | |
| 129 | +| Repository Settings | Read/Write | Read-only | No access | |
| 130 | +| Admin Management | Read/Write | No access | No access | |
| 131 | +| Organization Settings | Read/Write | Read-only | No access | |
| 132 | +| User Management | Read/Write | Read-only | Read-only | |
| 133 | +| Subscription Management | Read/Write | Read-only | Read/Write | |
| 134 | +| Billing Management | Read/Write | No access | Read/Write | |
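Review bot: The "Default RBAC roles" section (new lines 64-66) says defaults are applied only at initial setup and that later "upstream" role changes don't affect the CodeRabbit role, but it never spells out what that means for demotions: an account that loses its ownership-level role on the Git platform keeps the CodeRabbit **Admin** role until an Admin changes it by hand. Suggest adding a sentence there, or a `:::note` like the one under "Set roles", telling Admins to review the **Role** column whenever a user's Git platform role is downgraded. Two smaller points: the overview describes **Billing Admin** as having "limited access to other administrative features" (new lines 24-25), while the permissions table gives that role only Read-only on User Management and No access to everything else outside subscription and billing, so the wording should name what the table actually grants; and there are two typos to fix, "platorm" on new line 44 and "administative" on new line 120.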