Xano Documentation
  • 👋Welcome to Xano!
  • 🌟Frequently Asked Questions
  • 🔐Security & Compliance (Trust Center)
  • 🙏Feature Requests
  • 💔Known Issues
  • Before You Begin
    • Using These Docs
    • Where should I start?
    • Set Up a Free Xano Account
    • Key Concepts
    • The Development Life Cycle
    • Navigating Xano
    • Plans & Pricing
  • The Database
    • Designing your Database
    • Database Basics
      • Using the Xano Database
      • Field Types
      • Relationships
      • Database Views
      • Export and Sharing
      • Data Sources
    • Migrating your Data
      • Airtable to Xano
      • Supabase to Xano
      • CSV Import & Export
    • Database Performance and Maintenance
      • Storage
      • Indexing
      • Maintenance
      • Schema Versioning
  • 🛠️The Function Stack
    • Building with Visual Development
      • APIs
        • Swagger (OpenAPI Documentation)
      • Custom Functions
        • Async Functions
      • Background Tasks
      • Triggers
      • Middleware
      • Configuring Expressions
      • Working with Data
    • Functions
      • AI Tools
      • Database Requests
        • Query All Records
          • External Filtering Examples
        • Get Record
        • Add Record
        • Edit Record
        • Add or Edit Record
        • Patch Record
        • Delete Record
        • Bulk Operations
        • Database Transaction
        • External Database Query
        • Direct Database Query
        • Get Database Schema
      • Data Manipulation
        • Create Variable
        • Update Variable
        • Conditional
        • Switch
        • Loops
        • Math
        • Arrays
        • Objects
        • Text
      • Security
      • APIs & Lambdas
        • Realtime Functions
        • External API Request
        • Lambda Functions
      • Data Caching (Redis)
      • Custom Functions
      • Utility Functions
      • File Storage
      • Cloud Services
    • Filters
      • Manipulation
      • Math
      • Timestamp
      • Text
      • Array
      • Transform
      • Conversion
      • Comparison
      • Security
    • Data Types
      • Text
      • Expression
      • Array
      • Object
      • Integer
      • Decimal
      • Boolean
      • Timestamp
      • Null
    • Environment Variables
    • Additional Features
      • Response Caching
  • Testing and Debugging
    • Testing and Debugging Function Stacks
    • Unit Tests
    • Test Suites
  • CI/CD
  • File Storage
    • File Storage in Xano
    • Private File Storage
  • Realtime
    • Realtime in Xano
    • Channel Permissions
    • Realtime in Webflow
  • Maintenance, Monitoring, and Logging
    • Statement Explorer
    • Request History
    • Instance Dashboard
      • Memory Usage
  • Building Backend Features
    • User Authentication & User Data
      • Separating User Data
      • Restricting Access (RBAC)
      • OAuth (SSO)
    • Webhooks
    • Messaging
    • Emails
    • Custom Report Generation
    • Fuzzy Search
    • Chatbots
  • Xano Features
    • Snippets
    • Instance Settings
      • Release Track Preferences
      • Static IP (Outgoing)
      • Change Server Region
      • Direct Database Connector
      • Backup and Restore
      • Security Policy
    • Advanced Back-end Features
      • Xano Link
      • Developer API (Deprecated)
    • Metadata API
      • Master Metadata API
      • Tables and Schema
      • Content
      • Search
      • File
      • Request History
      • Workspace Import and Export
      • Token Scopes Reference
  • Xano AI
    • Building a Backend Using AI
    • Get Started Assistant
    • AI Database Assistant
    • AI Lambda Assistant
    • AI SQL Assistant
    • API Request Assistant
    • Template Engine
    • Streaming APIs
  • AI Tools
    • MCP Servers
      • Connecting Clients
      • MCP Functions
  • Xano Transform
    • Using Xano Transform
  • Xano Actions
    • What are Actions?
    • Browse Actions
  • Team Collaboration
    • Realtime Collaboration
    • Managing Team Members
    • Branching & Merging
    • Role-based Access Control (RBAC)
  • Agencies
    • Xano for Agencies
    • Agency Features
      • Agency Dashboard
      • Client Invite
      • Transfer Ownership
      • Agency Profile
      • Commission
      • Private Marketplace
  • Enterprise
    • Xano for Enterprise
    • Enterprise Features
      • Microservices
      • Tenant Center
      • Compliance Center
      • Security Policy
      • Instance Activity
      • Deployment
      • RBAC (Role-based Access Control)
      • Xano Link
  • Your Xano Account
    • Account Page
    • Billing
    • Referrals & Commissions
  • Troubleshooting & Support
    • Error Reference
    • Troubleshooting Performance
      • When a single workflow feels slow
      • When everything feels slow
      • RAM Usage
      • Function Stack Performance
    • Getting Help
      • Granting Access
      • Community Code of Conduct
      • Community Content Modification Policy
  • Special Pricing
    • Students & Education
    • Non-Profits
  • Security
    • Best Practices
Powered by GitBook
On this page
  • Permissions Center
  • Roles
  • Workspaces View

Was this helpful?

  1. Enterprise
  2. Enterprise Features

RBAC (Role-based Access Control)

Last updated 3 months ago

Was this helpful?

Role-Based Access Control (Permissions) is included with our Scale and Enterprise plans.

Xano Enterprise allows granular permissions control for each team member and workspace within an Instance.

Permissions Center

The Permissions Center, when enabled, allows the Instance owner full control over role-based permissions across each workspace within the Instance.

To access the Permissions Center, open the menu panel on the Instance then choose Permissions (RBAC).

Roles

Roles can be managed and created from the Roles view of the Permission Center.

Default Roles

Xano includes two default roles, which permissions are standard and cannot be modified. These roles are admin and developer.

Permissions

Permission types can be set on the various workspace objects in Xano. The permission types are as follows:

  • (C) Create - permission to create the specified object.

  • (R) Read - permission to read the specific object.

  • (U) Update - permission to update or modify the specified object.

  • (D) Delete - permission to delete the specified object.

  • Full - permission to Create, Read, Update, and Delete (CRUD).

  • Enabled/Disabled - some objects only require enabling or disabling the permission.

  • Inherit* - inherit is a special permission type. This permission will inherit the same permission from the parent role type. Meaning, inherit is chosen for Jane Doe on Workspace A for Run & Debug, then Jane's permission on Run & Debug will inherit the permission of her assigned role.

Objects

Please read each description carefully to understand the permissions for each object. The objects with role-based access control include:

  • Instance Billing - access to manage Instance billing.

  • Instance Workspace - access to manage Instance workspaces.

  • Workspace Export - allows usage of the workspace export feature.

  • Workspace Run & Debug - allows usage of the workspace Run & Debug feature.

  • Workspace Addons - allows access to workspace Addons.

  • Workspace API Groups - allows access to workspace API groups.

  • Workspace Connect - allows access to workspace Connect Center.

  • Workspace Content - allows access to workspace content (database records).

  • Workspace Live Data Source - allows access to workspace content (database records) on the live data source.

When disabled, users can still access non-live data source content (if Workspace Content permission is enabled). Use this permission to protect access to production data.

  • Workspace Database - allows access to workspace database.

  • Workspace Env - allows access to workspace Environment Variables.

  • Workspace Files - allows access to workspace Files and File Management.

  • Workspace Functions - allows access to workspace Custom Functions in the Library.

  • Workspace Marketplace - allows access to workspace Marketplace.

  • Workspace Request History - allows access to workspace API Request History.

  • Workspace Task - allows access to workspace Background Tasks.

  • Additional objects coming soon.

Create a Custom Role

To create a new role select + Add new custom role.

Edit Role Permissions

To edit the permissions on a custom role, double-click the permission level to modify and select the new permission from the dropdown.

Workspaces View

The initial view in the Permissions Center provides a view of all the Workspaces, team members, and permissions in the Instance.

You can easily filter by team member and workspace to see which permissions are enabled for a particular person and workspace.

Copy/Paste Permissions

Copy/Paste Permission enables you to quickly assign a team member the same permissions as another one. This is useful when you have team members that need the exact same access across each Workspace.

To do this, choose the Copy/Paste button, then the team member you want to copy permissions from, and the team member you wish to paste permissions to.

Edit Permissions on a Workspace

Bulk-Assigning Roles and Permissions

Click the three dots above your roles list to open a menu, offering quick access to managing roles and permissions.

Managing Team Roles

Choose the role you would like to apply and then select the users you would like to apply the role to.

Bulk Editing Permissions

Select the users who you would like to modify permissions for. After that, select the workspaces you would like to modify the permissions for with each user. Finally, you can modify the permissions as desired. Any row left Unmodified will not be changes,

You can edit specific permissions on a Workspace for a team member by you want to modify.

clicking on the permission
Open the menu panel of your instance.
Open Permissions (RBAC).
Manage Role in the Permissions Center.
Create a new Custom Role.
Modify Permissions of a Role.
In this example, we are looking at Michael's permissions across all workspaces.
COPY/PASTE Permissions of one team member to another.