Skip to main content

Documentation Index

Fetch the complete documentation index at: https://backstage.spotify.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

What does RBAC help me do?

The RBAC plugin works with the Backstage permission framework to provide support for role-based access control in Backstage. The Backstage permission framework is a system in the open-source Backstage project, which allows granular control of access to specific resources or actions. Among the first-party Backstage plugins, the Catalog and Scaffolder register their own permissions (for example, catalog.entity.read, catalog.entity.create, scaffolder.template.parameter.read, scaffolder.action.execute, and scaffolder.task.*), and you can target those permissions directly in your RBAC policy. TechDocs does not register any permissions of its own; its visibility is controlled indirectly through the catalog permissions on the entities the docs belong to. For example, an RBAC rule that limits catalog.entity.read to entities a user owns will automatically restrict that user to the TechDocs of those same entities, with no additional TechDocs configuration required. Many of our commercial plugins (such as Insights and Soundcheck) and third-party or in-house plugins also register permissions, which become available in RBAC once those plugins are added to permission.permissionedPlugins (see Setup & Installation). Permissions are controlled in a Backstage instance through a policy. A policy is simply an async function which receives a request to authorize a specific action for a user and (optional) resource, and returns a decision on whether to authorize that permission. Without the RBAC plugin, integrators must implement their own policies from scratch, or adapt reusable policies written by others. The RBAC plugin allows you to control permissions in Backstage without writing code. Instead, you can manage your policy using the RBAC interface integrated with Backstage. Once you publish the changes to your policy, they will be reflected immediately. With the RBAC plugin, you manage the permissions in your Backstage instance by assigning users and groups to roles, and configuring the rules that should apply for each role. You can use powerful matching features to keep your policy short, or supply granular decisions for each available permission and role.

Demo


Learn more about our RBAC plugin