RBAC (Role-Based Access Control) for organizations
Solarius supports Role-Based Access Control (RBAC) to help organizations securely manage user permissions across services, data, and infrastructure. RBAC ensures that team members only have access to what they need, nothing more, nothing less.
What is RBAC?
RBAC is a permission model where users are assigned roles that determine what actions they can perform. This helps teams enforce the principle of least privilege, ensuring that users only have access to the resources necessary for their job functions.
It also allows for easier management of permissions as roles can be assigned to multiple users, and changes to a role automatically apply to all users assigned that role.
Built-in roles
Solarius includes several predefined roles. These are available across all organizations and workspaces:
Role | Description |
---|---|
Owner | Full access to all features and settings. Can transfer ownership or delete the org. |
Admin | Manage users, services, billing, integrations, and security settings. |
Billing Contact | View and manage payment methods, invoices, and receipts. No access to services or users. |
Member | Access to assigned services/products. Cannot manage settings or users. |
Viewer | Read-only access to dashboards and data. Cannot modify anything. |
Roles are enforced globally across the Solarius platform and all services your organization uses. Custom roles can be created for specific services or applications.
Permissions by feature
Permissions are grouped by feature or service. Each role has a set of permissions that determine what actions can be performed within that feature.
Feature / Area | Owner | Admin | Billing Contact | Member | Viewer |
---|---|---|---|---|---|
ORGANIZATION MANAGEMENT | | | | | |
Create/Delete Organization | ✅ | ❌ | ❌ | ❌ | ❌ |
Transfer Ownership | ✅ | ❌ | ❌ | ❌ | ❌ |
Add/Remove Members | ✅ | ✅ | ❌ | ❌ | ❌ |
Change Member Roles | ✅ | ✅ | ❌ | ❌ | ❌ |
Invite External Collaborators | ✅ | ✅ | ❌ | ✅ | ❌ |
View Organization Profile | ✅ | ✅ | ✅ | ✅ | ✅ |
Edit Organization Profile | ✅ | ✅ | ❌ | ❌ | ❌ |
BILLING AND PAYMENTS | | | | | |
View/Update Billing Info | ✅ | ✅ | ✅ | ❌ | ❌ |
View Invoices & Receipts | ✅ | ✅ | ✅ | ❌ | ❌ |
Update Payment Method | ✅ | ✅ | ✅ | ❌ | ❌ |
Cancel Subscription | ✅ | ✅ | ✅ | ❌ | ❌ |
Modify Billing Cycle | ✅ | ✅ | ✅ | ❌ | ❌ |
Enable/Disable Auto-renew | ✅ | ✅ | ✅ | ❌ | ❌ |
Apply Tax Exemption or VAT ID | ✅ | ✅ | ✅ | ❌ | ❌ |
Export Financial Reports | ✅ | ✅ | ✅ | ❌ | ❌ |
PRODUCT AND SERVICE SETTINGS | | | | | |
Manage Product Integrations | ✅ | ✅ | ❌ | ❌ | ❌ |
Configure Feature Flags | ✅ | ✅ | ❌ | ❌ | ❌ |
Enable/Disable Services | ✅ | ✅ | ❌ | ❌ | ❌ |
Access Developer Tools / APIs | ✅ | ✅ | ❌ | ✅ | ❌ |
Manage OAuth Apps / Secrets | ✅ | ✅ | ❌ | ✅ | ❌ |
Create API Keys | ✅ | ✅ | ❌ | ✅ | ❌ |
Revoke API Keys | ✅ | ✅ | ❌ | ❌ | ❌ |
ANALYTICS AND USAGE | | | | | |
View Dashboards & Usage Stats | ✅ | ✅ | ✅ | ✅ | ✅ |
Export Usage Reports | ✅ | ✅ | ✅ | ✅ | ❌ |
Configure Monitoring Alerts | ✅ | ✅ | ❌ | ❌ | ❌ |
View Logs / Activity | ✅ | ✅ | ✅ | ✅ | ✅ |
USER SETTINGS AND PREFERENCES | | | | | |
Edit Own Profile | ✅ | ✅ | ✅ | ✅ | ✅ |
Change Password / 2FA | ✅ | ✅ | ✅ | ✅ | ✅ |
Manage Notifications | ✅ | ✅ | ✅ | ✅ | ✅ |
Delete Own Account | ✅ | ✅ | ✅ | ✅ | ✅ |
SECURITY AND COMPLIANCE | | | | | |
View Security Audit Logs | ✅ | ✅ | ✅ | ❌ | ❌ |
Configure SSO / SCIM / LDAP | ✅ | ✅ | ❌ | ❌ | ❌ |
Set RBAC Policies / Access Levels | ✅ | ✅ | ❌ | ❌ | ❌ |
Manage IP Allow Lists | ✅ | ✅ | ❌ | ❌ | ❌ |
Enable Compliance Features (SOC2, etc.) | ✅ | ✅ | ❌ | ❌ | ❌ |
All settings can be adjusted to fit your organization's needs. Custom roles can also be created to provide specific permissions for unique workflows or applications.
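The sketch below is an added example, not Solarius code: it transcribes eight rows of the matrix above into a local model with a deny-by-default check, then uses it to pick the narrowest built-in role for a set of tasks and to list what a role grants beyond them. The function names are hypothetical, and "least-permissive" is measured only over the rows included here.

```python
# Excerpt of the "Permissions by feature" matrix, transcribed row by row.
# Column order follows the table: Owner, Admin, Billing Contact, Member, Viewer.
ROLES = ("Owner", "Admin", "Billing Contact", "Member", "Viewer")
MATRIX = {
    "Transfer Ownership":            (1, 0, 0, 0, 0),
    "Add/Remove Members":            (1, 1, 0, 0, 0),
    "View/Update Billing Info":      (1, 1, 1, 0, 0),
    "Create API Keys":               (1, 1, 0, 1, 0),
    "Revoke API Keys":               (1, 1, 0, 0, 0),
    "Export Usage Reports":          (1, 1, 1, 1, 0),
    "View Dashboards & Usage Stats": (1, 1, 1, 1, 1),
    "View Security Audit Logs":      (1, 1, 1, 0, 0),
}


def is_allowed(role, action):
    """Deny by default: unknown roles and unknown actions are refused."""
    if role not in ROLES or action not in MATRIX:
        return False
    return bool(MATRIX[action][ROLES.index(role)])


def roles_covering(actions):
    """Built-in roles that grant every requested action, least-permissive first."""
    # Breadth = number of rows in this excerpt that the role is granted.
    breadth = {r: sum(row[i] for row in MATRIX.values())
               for i, r in enumerate(ROLES)}
    ok = [r for r in ROLES if all(is_allowed(r, a) for a in actions)]
    return sorted(ok, key=lambda r: breadth[r])


def excess_grants(role, needed):
    """Actions the role grants beyond what the job needs (review candidates)."""
    return sorted(a for a in MATRIX if is_allowed(role, a) and a not in needed)


if __name__ == "__main__":
    job = {"Create API Keys", "Export Usage Reports"}
    print(roles_covering(job))            # narrowest built-in role first
    print(excess_grants("Member", job))   # what Member grants beyond the job
```

In the matrix, Member can create API keys but not revoke them, so key cleanup has to be done by an Admin or Owner.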
RBAC for enterprise teams
Larger organizations often need stricter control and custom role segmentation. Solarius provides:
- Multi-admin support
- Audit logging for all role changes and sensitive actions
- MFA enforcement per role
- Custom role support
- SCIM / SSO integration for identity provisioning
To enable SSO, RBAC sync, or role automation, you can configure your identity provider (IdP) to manage roles based on group membership or attributes. This allows for dynamic role assignment based on user attributes, such as department or job title. All configuration options are located in the Security section of your organization settings.
Managing roles
- Log in to id.solarius.me or your organization dashboard to manage roles
- Navigate to Organization Settings -> Members
- Locate the user you want to edit
- Use the role selector dropdown to assign or change their role
- Changes take effect immediately and are logged in the activity log
Best practices
- Assign at least two Admins per org to avoid lockout
- Keep Owners to a minimum
- Use Viewer roles for audit-only personnel or external stakeholders
- Rotate Billing Contacts when changing finance personnel
- Periodically review active members and access levels
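The best practices above can be turned into a periodic access review. This is an added example, not a Solarius tool: the member records are constructed, their field names are assumptions rather than a Solarius export format, and the thresholds (`max_owners=1`, `stale_days=90`) are illustrative choices the page does not specify.

```python
from datetime import date

# Constructed sample. Field names are assumptions, not a Solarius export format.
MEMBERS = [
    {"email": "ana@example.com", "role": "Owner", "external": False,
     "last_login": date(2024, 5, 28)},
    {"email": "ben@example.com", "role": "Owner", "external": False,
     "last_login": date(2024, 5, 30)},
    {"email": "cho@example.com", "role": "Admin", "external": False,
     "last_login": date(2024, 6, 1)},
    {"email": "dev@partner.example", "role": "Member", "external": True,
     "last_login": date(2024, 5, 20)},
    {"email": "eli@example.com", "role": "Billing Contact", "external": False,
     "last_login": date(2024, 1, 10)},
]


def review(members, today, max_owners=1, stale_days=90):
    """Return (finding_code, detail) tuples for the listed best practices."""
    findings = []
    admins = [m for m in members if m["role"] == "Admin"]
    owners = [m for m in members if m["role"] == "Owner"]
    # "Assign at least two Admins per org to avoid lockout"
    if len(admins) < 2:
        findings.append(("too_few_admins", f"{len(admins)} Admin(s) assigned"))
    # "Keep Owners to a minimum" (threshold is an assumption)
    if len(owners) > max_owners:
        emails = ", ".join(sorted(m["email"] for m in owners))
        findings.append(("too_many_owners", emails))
    for m in members:
        # "Use Viewer roles for ... external stakeholders"
        if m["external"] and m["role"] != "Viewer":
            findings.append(("external_not_viewer", m["email"]))
        # "Periodically review active members": flag long-idle accounts
        if (today - m["last_login"]).days > stale_days:
            findings.append(("stale_member", m["email"]))
    return findings


if __name__ == "__main__":
    for code, detail in review(MEMBERS, today=date(2024, 6, 3)):
        print(f"{code}: {detail}")
```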
Questions or support
If you have any questions about RBAC, need help configuring roles, or want to request custom roles, please create a support ticket or email us at help@solarius.me.