Skip to main content

Set up environment-level permissions

To set up and configure environment-level permissions, you must have write permissions to the Groups & Licenses settings of your dbt Cloud account. For more information about roles and permissions, check out User permissions and licenses.

Environment-level permissions are not the same as account-level role-based access control (RBAC) and are configured separately from those workflows.

Setup instructions

In your dbt Cloud account:

  1. Open the gear menu and select Account settings. From the left-side menu, select Groups & Licenses. While you can edit existing groups, we recommend not altering the default Everyone, Member, and Owner groups.
Groups & Licenses page in dbt Cloud with the default groups highlighted.Groups & Licenses page in dbt Cloud with the default groups highlighted.
  1. Create a new or open an existing group. If it's a new group, give it a name, then scroll down to Access & permissions. Click Add.
The Access & permissions section with the Add button highlighted.The Access & permissions section with the Add button highlighted.
  1. Select the Permission set for the group. Only the following permissions sets can have environment-level permissions configured:
  • Database admin
  • Git admin
  • Team admin
  • Analyst
  • Developer

Other permission sets are restricted because they have access to everything (for example, Account admin), or limitations prevent them from having write access to environments (for example, Account viewer).

If you select a permission set that is not supported, the environment permission option will not appear.

The view of the permissions box if there is no option for environment permissions.The view of the permissions box if there is no option for environment permissions.
  1. Select the Environment for group access. The default is All environments, but you can select multiple. If none are selected, the group will have read-only access.
A list of available environments with the Staging and General boxes selected.A list of available environments with the Staging and General boxes selected.
  1. Save the Group settings. You're now setup and ready to assign users!

User experience

Users with permissions to the environment will see all capabilities assigned to their role. The environment-level permissions are write or read-only access. This feature does not currently support determining which features in the environment are accessible. For more details on what can and can not be done with environment-level permissions, refer to About environment-permissions.

For example, here is an overview of the Jobs section of the environment page if a user has been granted access:

The jobs page with write access and the 'Create job' button visible .The jobs page with write access and the 'Create job' button visible .

The same page if the user has not been granted environment-level permissions:

The jobs page with read-only access and the 'Create job' button is not visible .The jobs page with read-only access and the 'Create job' button is not visible .
0