Access Control

The Environments a given User has access to is determined by their Roles.

The various permissions described below can be assigned to Custom Aptible Roles on a per-Environments basis in order to grant access to various aspects of the Environment. These permissions are configured in the Dashboard.



Using multiple Environments makes it easy to restrict users to specific Apps or Databases.

Read Permissions

  • Basic Visibility - Allows Users to see basic information for all of the resources in the Environment. It does not allow them to manage the resources or see any sensitive values such as Database Credentials or Configuration values.
  • Full Visibility - Allows Users to see all information for all of the resources in the Environment including App Configurations. The one exception is Database Credentials which cannot be seen.

Write Permissions

The following permissions allow Users to see sensitive values and modify resources in the Environment according to their description. For a more detailed list of the actions that each permission has access to see the Permissions Matrix further down on this page.

  • Environment Admin - Grants Users unrestricted access to the Environment. This includes the ability to see all sensitive values and take any action against any resource in the Environment.
  • Deployment - Allows Users to create and deploy resources in the Environment. This includes actions such as create, deploy, configure, and restart. It does not grant access to read any sensitive values.
  • Destruction - Allows Users to destroy every resource in the Environment as well as the Environment itself.
  • Ops - Allows Users to create and manage Log and Metric Drains in the Environment. It also allows Users to take actions commonly associated with incident response such as restarting and scaling resources.
  • Sensitive Access - Allows Users to see and manage sensitive values in the Environment such as configuring Apps, viewing Database Credentials, and managing Certificates.
  • Tunnel - Allows User to tunnel into Databases in the Environment. This permission does not allow Users to see Database Credentials so Users will need to be provided credentials through another channel.



Multiple permissions can be assigned per-Environment. For example, a role can be granted the Sensitive Access and Tunnel permission which will allow members of the role to tunnel into the Environment's Databases and see their Credentials.

Organization Admins

Users that belong to the Account or Deploy Owner roles have the equivalent of Environment Admin access to all of the Organization's Environments. Additionally, they can create new Environments for the Organization.

Permissions Matrix

This matrix describes what permission (header) is required for each resource action (left column).



Every permission allows users to read basic, non-sensitive information about the Environment and all of the resources in it.

Reading sensitive information is listed as an action for applicable resource. Apps - Read Configuration is one example.

Environment AdminFull VisibilityDeploymentDestructionOpsSensitive AccessTunnel
Manage Backup Retention Policyβœ”
AppsEnvironment AdminFull VisibilityDeploymentDestructionOpsSensitive AccessTunnel
Read Configurationβœ”βœ”βœ”
Create Endpointsβœ”βœ”
Deprovision Endpointsβœ”βœ”
Stream Logsβœ”βœ”βœ”
Scan Imageβœ”βœ”βœ”
DatabasesEnvironment AdminFull VisibilityDeploymentDestructionOpsSensitive AccessTunnel
Read Credentialsβœ”βœ”
Create Backupsβœ”βœ”βœ”
Restore Backupsβœ”βœ”
Purge Backupsβœ”βœ”
Restart / Reload / Modifyβœ”βœ”βœ”
Create Replicasβœ”βœ”
Create Endpointsβœ”βœ”
Deprovision Endpointsβœ”βœ”
Create Tunnelsβœ”βœ”
Stream Logsβœ”βœ”βœ”
Log and Metric DrainsEnvironment AdminFull VisibilityDeploymentDestructionOpsSensitive AccessTunnel
SSL CertificatesEnvironment AdminFull VisibilityDeploymentDestructionOpsSensitive AccessTunnel