Role-Based Access Controls

Fides uses role-based access controls: users can be assigned various roles within the organization, and each role grants a specific set of scopes (permissions).

To get started, log in as the root user to create an initial user with sufficient admin permissions (Owner or Contributor). We recommend logging in as one of those users to create other users in your organization with various levels of responsibility.

Available roles

These are the current roles that can be granted to users within your organization:

| Role | Description |
| --- | --- |
| Owner | A user with full control over all settings and systems in Fides. This user can create all types of users and be assigned systems as a data steward. |
| Contributor | A user with full control over all settings and systems in Fides except for some organization-wide system configurations like storage and messaging for privacy requests. This user can create all types of users except Owners and be assigned systems as a data steward. |
| Viewer | A user with read-only access to all settings and systems in Fides. This user can be assigned systems as a data steward. |
| Viewer + Approver | A user with read-only access to all settings and systems in Fides who can review and respond to privacy requests. This user can be assigned systems as a data steward. |
| Approver | A user who can only approve and respond to privacy requests in the Privacy Request UI. |

Adding roles to users

Logging in for the first time

The first time you log in to the system, you will need to use the root user that Fides ships with to create new users. We recommend not using the root user for Fides management beyond this initial account creation.

The root user is automatically granted all possible scopes.

Setting up your first user

Log in as the root user using the root_username and root_password.

Note: these credentials were likely configured during installation in the security section of fides.toml, but may also be set using the FIDES__SECURITY__ROOT_USERNAME and FIDES__SECURITY__ROOT_PASSWORD environment variables.

Click on the gear icon in the upper right of the navigation bar to navigate to Management > Users and click on Add New User.

Complete the fields for Username (typically email), First Name, Last Name, and a strong password. Click Save.

Once saved, the Permissions tab becomes accessible. Select the correct role and click Save. As an Owner, you will be able to manage all settings in Fides and create additional users.

Configuring other users

To add other users, log in with an Owner or Contributor account, and follow the workflow above to assign various roles to users within your organization. In the example below, we are adding a user that can manage Privacy Requests.

Log in as an Owner or Contributor.

Navigate to Management > Users and click on Add New User. Enter the information for the Privacy Request Approver.

In the Permissions tab, add the Viewer & Approver role to that user. This user will be given limited view access to the UI but will be able to manage privacy requests and view systems.

Assigning systems

Owners, Contributors, and Viewers can be assigned to systems as Data Stewards (system owners). For Viewers, this provides an elevated set of permissions to manage the assigned systems without changing their overall permissions.

Note that Owners can edit all systems without being assigned as the Data Steward.

To assign systems to a user, first assign their role (e.g., Viewer & Approver) and then use the Assign Systems+ button to select the systems they should manage. In this example, we click the Viewer & Approver row and then click Assign Systems+.

In the Assign systems modal, toggle on/off the specific systems that you want this user to manage. You may assign all systems using the Assign all systems toggle or use the search to filter to the set of systems you want to assign. Using the Assign all systems toggle with filtered results will only assign the visible systems. When you've made your choices, click Confirm.

In this example, the user has been assigned a Viewer & Approver role which grants view-only access to all settings and systems in Fides. However, they have additionally been assigned as the Data Steward for the Cookie House Marketing System and the Cookie House Customer Database and can make updates to those specific systems.
