Role-Based Access Controls
Fides uses Role-Based Access Controls, which means that users can be assigned various roles within the organization that grant them a specific set of scopes (permissions).
To get started, log in as the root user to create an initial user with sufficient admin permissions (owner or contributor). We recommend logging in as one of those users to create other users in your organization with various levels of responsibility.
Available roles
These are the current roles that can be granted to users within your organization:
Role | Description |
---|---|
Owner | A user with full control over all settings and systems in Fides. This user can create all types of users and be assigned systems as a data steward. |
Contributor | A user with full control over all settings and systems in Fides except for some organization-wide system configurations like storage and messaging for privacy requests. This user can create all types of users except Owners and be assigned systems as a data steward. |
Viewer | A user with read-only access to all settings and systems in Fides. This user can be assigned systems as a data steward. |
Viewer + Approver | A user with read-only access to all settings and systems in Fides who can review and respond to privacy requests. This user can be assigned systems as a data steward. |
Approver | A user who can only approve and respond to privacy requests in the Privacy Request UI. |
Adding roles to users
Logging in for the first time
The first time that you log into the system you will need to use the root user that Fides ships with to create new users. We recommend avoiding using the root user for Fides management other than this initial account creation.
The root user is automatically granted all possible scopes.
Setting up your first user
Log in as the root user using the root_username and root_password.
Note: this info was likely configured during installation in the security section of fides.toml but may also be set using the FIDES__SECURITY__ROOT_USERNAME and FIDES__SECURITY__ROOT_PASSWORD environment variables.
Click on the gear icon in the upper right of the navigation bar to navigate to Management > Users and click on Add New User.
Complete the fields for Username (typically email), First Name, Last Name, and a strong password. Click Save.
Once saved, the Permissions tab becomes accessible. Select the correct role and click Save. As an Owner, you will be able to manage all settings in Fides and create additional users.
Configuring other users
To add other users, log in as an Owner or Contributor account, and follow the workflow above to assign various roles to users within your organization. In the example below, we are adding a user that can manage Privacy Requests.
Log in as an Owner or Contributor.
Navigate to Management > Users and click on Add New User. Enter the information for the Privacy Request Approver.
In the Permissions tab, add the Viewer & Approver role to that user. This user will be given limited view access to the UI but will be able to manage privacy requests and view systems.
Assigning systems
Owners, Contributors, and Viewers can be assigned to systems as Data Stewards (system owners). For Viewers, this provides an elevated set of permissions to manage the assigned systems without changing their overall permissions.
Note that Owners can edit all systems without being assigned as the Data Steward.
To assign systems to a user, first assign their role (e.g. Viewer & Approver) and then use the Assign Systems+ button to select the systems they should manage.
In this example, we click the Viewer & Approver row and then click Assign Systems+.
In the Assign systems modal, toggle on/off the specific systems that you want this user to manage. You may assign all systems using the Assign all systems toggle or use the search to filter to the set of systems you want to assign. Using the Assign all systems toggle with filtered results will only assign the visible systems. When you've made your choices, click Confirm.
In this example, the user has been assigned a Viewer & Approver role which grants view-only access to all settings and systems in Fides. However, they have additionally been assigned as the Data Steward for the Cookie House Marketing System and the Cookie House Customer Database and can make updates to those specific systems.
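For access reviews, the role table and the Data Steward rule above can be combined into one check of who can actually update a given system. The sketch below is an added example, not Fides code: the `User` record, function names and usernames are hypothetical, and it assumes Contributors, like Owners, can edit every system without an assignment.

```python
from dataclasses import dataclass, field

# Rules transcribed from the "Available roles" table on this page.
# full_control: edits all systems without a steward assignment (stated for
#   Owners in the text; assumed here for Contributors from the table wording).
# stewardable: the role can be assigned systems as a data steward.
ROLE_RULES = {
    "Owner":             {"full_control": True,  "stewardable": True},
    "Contributor":       {"full_control": True,  "stewardable": True},
    "Viewer":            {"full_control": False, "stewardable": True},
    "Viewer + Approver": {"full_control": False, "stewardable": True},
    "Approver":          {"full_control": False, "stewardable": False},
}

@dataclass
class User:  # hypothetical record, not a Fides model
    username: str
    role: str
    stewarded: set = field(default_factory=set)

def can_edit(user, system):
    """True if the role has full control or the user stewards the system."""
    rules = ROLE_RULES[user.role]
    return rules["full_control"] or (rules["stewardable"] and system in user.stewarded)

def editors_of(system, users):
    """Usernames able to update `system`, for a periodic access review."""
    return sorted(u.username for u in users if can_edit(u, system))

def review_findings(users):
    """Flag steward assignments that do not match the role table."""
    findings = []
    for u in users:
        rules = ROLE_RULES[u.role]
        if u.stewarded and not rules["stewardable"]:
            findings.append((u.username, "role cannot hold data steward assignments"))
        elif u.stewarded and rules["full_control"]:
            findings.append((u.username, "informational: role already edits all systems"))
    return findings

# Constructed sample data; all usernames are made up for illustration.
USERS = [
    User("owner@example.com", "Owner"),
    User("ops@example.com", "Contributor", {"Cookie House Customer Database"}),
    User("privacy@example.com", "Viewer + Approver",
         {"Cookie House Marketing System", "Cookie House Customer Database"}),
    User("auditor@example.com", "Viewer"),
    User("desk@example.com", "Approver", {"Cookie House Marketing System"}),
]
```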