Skip to main content

Documentation Index

Fetch the complete documentation index at: https://backstage.spotify.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Overview

RBAC is a no-code management UI for restricting access to functionality and data within Portal. An admin can quickly define roles, assign users and groups, and configure permissions to encode authorization decisions according to evolving security and compliance needs. Find out more in the RBAC plugin documentation.

Enabling RBAC

RBAC is enabled by default. All Portal admins are also RBAC admins. If needed, you can configure additional RBAC admins through the RBAC card in the config manager.

Portal’s default RBAC policy

The RBAC policy in Portal is permissive by default, allowing Portal users to access almost everything. However, certain permissions are reserved for admins, captured in admin roles:
  • Soundcheck admins can manage elements of Soundcheck, like tracks, checks, and campaigns.
  • Insights admins have access to the Insights UI.
  • Entity overlays admins can always update an entity.
Portal admins are automatically set as members in these admin roles.
New roles or permission decisions may be added to the default policy with new Portal releases.

Using your own policy

If you need a more restrictive policy or to otherwise modify permissions within Portal, you can duplicate the default policy, make adjustments, then save and publish your new policy. Be sure to familiarize yourself with the RBAC core concepts before doing so.
Once you duplicate the default policy and publish your own, you are in full control of permissions in Portal. Any updates to Portal’s default policy in subsequent releases will be ignored. Updates you make to the list of Portal admins will no longer be automatically reflected within your policy.