rbac icon

Role-Based Access Control (RBAC)

Control access to actions and data in Backstage with ease





rbac new permission decision
rbac active policyrbac conditional decision

About the plugin

The RBAC plugin is a no-code management UI for restricting access to plugins, routes, and data within Backstage. Admins can quickly define roles, assign users and groups, and configure permissions to encode authorization decisions according to your organization's evolving security and compliance needs.

  • Simplify access management

    RBAC makes it easy for anyone, not just engineers, to efficiently manage access to resources and actions in Backstage. With its no-code interface, administrators can easily set up roles with members and permissions - including complex conditional permissions or those exported from private plugins.

  • Remain compliant and secure

    The simpler it is to manage role-based access control, the better protected your data will be. RBAC allows administrators to quickly, flexibly, and easily create, publish, edit, or revert permission policies to stay up-to-date and compliant with your organization's security needs.

Role-Based Access Control (RBAC) features


Roles make permission decisions in the RBAC plugin. Each role includes a list of members and affiliated permissions. RBAC integrates with Backstage's catalog of users and groups to assign role membership.

rbac roles


Permissions can be matched to the role by specific permission name, permission properties, or globally. Permissions return policy decisions – either allow, deny or conditional.

rbac permissions

Conditional decisions

The RBAC plugin has a condition builder that helps you compose rules corresponding to the permission.

rbac conditional permissions

Policy tester

The Policy Tester is a powerful feature to simulate your draft and published policies to determine the outcome for specific permissions and roles.

A page showing the policy testing feature. Selection fields for the test criteria (permission and roles) are shown above the results of the test.


After you're done creating a policy, you can publish it. Backstage immediately uses the new policy to make authorization decisions.

rbac publishing

Additional information

Book a demo

Still have questions about Role-Based Access Control (RBAC)? No problem, just join one of our weekly demos hosted by a Spotify expert.

backstage beaver lecturing