Role-Based Access Controls
Fides uses Role-Based Access Controls, which means that users can be assigned roles within the organization, each granting a specific set of scopes (permissions).
To get started, log in as the root user to create an initial user with sufficient admin permissions (contributor). We recommend logging in as one of those users to create other users in your organization with various levels of responsibility.
These are the current roles that can be granted to users within your organization:
|Role|Description|
|---|---|
|Owner|A user with full control over all settings and systems in Fides. This user can create all types of users and be assigned systems as a data steward.|
|Contributor|A user with full control over all settings and systems in Fides except for some organization-wide system configurations like storage and messaging for privacy requests. This user can create all types of users except|
|Viewer|A user with read-only access to all settings and systems in Fides. This user can be assigned systems as a data steward.|
|Viewer + Approver|A user with read-only access to all settings and systems in Fides who can review and respond to privacy requests. This user can be assigned systems as a data steward.|
|Approver|A user who can only approve and respond to privacy requests in the Privacy Request UI.|
The first time that you log into the system you will need to use the root user that Fides ships with to create new users. We recommend avoiding using the root user for Fides management other than this initial account creation.
The root user is automatically granted all possible scopes.
Login as the root user using the
Note: this info was likely configured during installation in the security section of fides.toml but may also be set using the FIDES__SECURITY__ROOT_PASSWORD environment variables.
Click on the gear icon in the upper right of the navigation bar to navigate to Management > Users and click on Add New User.
Complete the fields for Username (typically email), First Name, Last Name, and a strong password. Click
Once saved, the Permissions tab becomes accessible. Select the correct role and click Save. As an Owner, you will be able to manage all settings in Fides and create additional users:
To add other users, login as an
Contributor account, and follow the workflow above to assign various roles to users within your organization. In the example below, we are adding a user that can manage Privacy Requests.
Login as an
Navigate to Management > Users and click on Add New User. Enter the information for the Privacy Request Approver.
In the Permissions tab, add the Viewer & Approver role to that user. This user will be given limited view access to the UI but will be able to manage privacy requests and view systems.
Viewers can be assigned to systems as Data Stewards (system owners). For Viewers, this provides an elevated set of permissions to manage the assigned systems without changing their overall permissions.
Owners can edit all systems without being assigned as the Data Steward.
To assign systems to a user, first assign their role (e.g. Viewer & Approver) and then use the Assign Systems+ button to select the systems they should manage.
In this example, we click the
Viewer & Approver row and then click
In the Assign systems modal, toggle on/off the specific systems that you want this user to manage. You may assign all systems using the Assign all systems toggle or use the search to filter to the set of systems you want to assign. Using the Assign all systems toggle with filtered results will only assign the visible systems. When you've made your choices, click
In this example, the user has been assigned a Viewer & Approver role which grants view-only access to all settings and systems in Fides. However, they have additionally been assigned as the Data Steward for the Cookie House Marketing System and the Cookie House Customer Database and can make updates to those specific systems.
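The role and Data Steward rules described above, written out as a small access-decision model for reviewing who can edit which system. This is an added sketch, not Fides code or its API: the role names come from the table on this page, while the function names, user names and the third system name are constructed for illustration.

```python
from dataclasses import dataclass, field

# System-level access each role grants, per the role table on this page.
ROLE_SYSTEM_ACCESS = {
    "Owner": "edit",
    "Contributor": "edit",
    "Viewer": "read",
    "Viewer + Approver": "read",
    "Approver": "none",  # privacy requests only
}
# Roles the table says can be assigned systems as a data steward.
STEWARD_ROLES = {"Owner", "Viewer", "Viewer + Approver"}

@dataclass
class User:
    name: str
    role: str
    stewarded: set = field(default_factory=set)

def role_access(user):
    # Fail closed: an unknown role gets no system access.
    return ROLE_SYSTEM_ACCESS.get(user.role, "none")

def assign_systems(user, systems):
    if user.role not in STEWARD_ROLES:
        raise ValueError(f"{user.role} cannot be a data steward in this model")
    user.stewarded |= set(systems)

def assign_all_visible(user, all_systems, search=""):
    """'Assign all systems' with a search filter assigns only the visible rows."""
    visible = [s for s in all_systems if search.lower() in s.lower()]
    assign_systems(user, visible)
    return visible

def can_view_system(user, system):
    return role_access(user) in ("read", "edit")

def can_edit_system(user, system):
    # Either the role grants edit everywhere, or stewardship elevates one system.
    return role_access(user) == "edit" or system in user.stewarded

def steward_only_edits(users, systems):
    """(user, system) pairs where edit access exists only through stewardship."""
    return sorted((u.name, s) for u in users for s in systems
                  if role_access(u) != "edit" and can_edit_system(u, s))

if __name__ == "__main__":
    systems = ["Cookie House Marketing System", "Cookie House Customer Database",
               "Cookie House Loyalty Database"]  # third name is constructed
    alice = User("alice", "Viewer + Approver")
    assign_systems(alice, systems[:2])
    for pair in steward_only_edits([alice, User("root-made-owner", "Owner")], systems):
        print(pair)
```

Reviewing the output of `steward_only_edits` periodically shows where read-only roles have picked up edit rights through system assignment.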