Roles & Permissions
Roles and Permissions control what a teammate can do on Middleware and where they can do it. You first create a role that defines allowed actions across product modules. You then invite a user and attach that role. Finally, you decide whether the user can access all projects or only selected ones.
Create a Role
1. Open the role builder
Go to Settings → Roles & Permissions and select Create New Role. This opens a side panel to configure a new role.

2. Name the Role
Use a clear, function-based name such as Basics, Observer, or Installer. Short names make it easier to scan the roles list later.
3. Choose Permissions
Permissions are listed by product area. Tick only what the role needs.

4. Create the Role
Save the role. You will see a confirmation, and the role will appear in the list with visible chips for the modules you allowed.
Default roles in Middleware are Admin and User. The Roles & Permissions page shows which modules each default role can access, such as Alerts, API Keys, APM, Audit Logs, Billing, Infrastructure, Installation, Logs, Teams, Unified Dashboard, and User Management. Use that table if you want a quick baseline for what typical Admin and User access looks like:
| Permission | Admin | User |
|---|---|---|
| Alert | Create New Alerts, View Alert History | View Alert History |
| API Keys | Access To View Api Keys, Create Api Keys, Edit Remove Api Key | Access To View Api Keys |
| APM | APM Dashboard Projects Traces | APM Dashboard Projects Traces |
| Audit Logs | View Audit Logs, Export Audit Logs | View Audit Logs |
| Billing | Billing And Usages | ✖️ |
| Infrastructure | Host List Container Process | Host List Container Process |
| Installation | Access To View Installation Script | Access To View Installation Script |
| Logs | Logs | Logs |
| Preference | Setup Notification Preference, Setup Timezone | ✖️ |
| Teams | Access To View Teams, Create Teams, Edit Remove Teams | Access To View Teams |
| Unified Dashboard | Unified View | Unified View |
| User Management | Access To Invite User, Access To View Users | Access To View Users |
Invite a User and Assign the Role
1. Go to Users → Invite New User
Enter the teammate’s email and name.
2. Attach the Role
Open the Role dropdown and select the role you just created. You can also choose the built-in Administrator or User roles if they fit the need.

3. Decide Project Access
- Keep All Project Access on if the user should see every project
- Or choose Select Projects and tick only the projects they should access

4. Send the Invite
Click Invite User. The user will receive an email. When they sign in, they will see the modules allowed by the role and only the projects you scoped.
Edit a Role Later
You can change permissions for a role at any time. On the Roles & Permissions page, open the actions menu for a role, choose Edit, adjust the checkboxes, then save. Changes apply to all users who have that role.
Practical Guidance
- Follow least privilege. Start with view-only access for modules like APM, Logs, or Infrastructure. Add create or edit only when required.
- Use reusable roles. Create roles that match job functions such as Observer for read access, Operator for alerting and day-to-day ops, or Billing Viewer for finance teams.
- Scope by project to separate environments or tenants. A user can have broad module rights and still be limited to a single project.
- Review regularly. When teams change or projects are archived, update roles and project access.