Role-Based Access Control (RBAC)
Beta

Control access to actions and data in Backstage with ease

Developer

Spotify

About Role-Based Access Control (RBAC)

The RBAC plugin is a no-code management UI for restricting access to plugins, routes, and data within Backstage. Admins can quickly define roles, assign users and groups, and configure permissions to encode authorization decisions according to your organization's evolving security and compliance needs.

Simplify access management
RBAC makes it easy for anyone, not just engineers, to efficiently manage access to resources and actions in Backstage. With its no-code interface, administrators can easily set up roles with members and permissions - including complex conditional permissions or those exported from private plugins.
Remain compliant and secure
The simpler it is to manage role-based access control, the better protected your data will be. RBAC allows administrators to quickly, flexibly, and easily create, publish, edit, or revert permission policies to stay up-to-date and compliant with your organization's security needs.

Role-Based Access Control (RBAC) features

Homepage

The RBAC homepage displays current and previously published policies, and the table below lists previous policy versions, which you can either view or republish.

Roles

Roles make permission decisions in the RBAC plugin. Each role includes a list of members and affiliated permissions. RBAC integrates with Backstage's catalog of users and groups to assign role membership.

Permissions

Permissions can be matched to the role by specific permission name, permission properties, or globally. Permissions return policy decisions – either allow, deny or conditional.