Role-Based Access Control (RBAC) (Beta)
Control access to actions and data in Backstage with ease.

About RBAC
The RBAC plugin is a no-code management UI for restricting access to plugins, routes, and data within Backstage. Admins can quickly define roles, assign users and groups, and configure permissions to encode authorization decisions according to your organization’s evolving security and compliance needs.
Simplify access management
RBAC makes it easy for anyone, not just engineers, to efficiently manage access to resources and actions in Backstage. With its no-code interface, administrators can easily set up roles with members and permissions – including complex conditional permissions or those exported from private plugins.
Remain compliant and secure
The simpler it is to manage role-based access control, the better protected your data will be. RBAC allows administrators to quickly, flexibly, and easily create, publish, edit, or revert permission policies to stay up-to-date and compliant with your organization’s security needs.
RBAC features
Homepage
The RBAC homepage displays current and previously published policies, and the table below lists previous policy versions, which you can either view or republish.

Roles
Roles make permission decisions in the RBAC plugin. Each role includes a list of members and affiliated permissions. RBAC integrates with Backstage’s catalog of users and groups to assign role membership.

Permissions
Permissions can be matched to the role by specific permission name, permission properties, or globally. Permissions return policy decisions – either allow, deny or conditional.

Conditional decisions
The RBAC plugin has a condition builder that helps you compose rules corresponding to the permission.

Publishing
After you’re done creating a policy, you can publish it. Backstage immediately uses the new policy to make authorization decisions.

Frequently Asked Questions 🤔
Where can I find installation instructions and technical documentation for RBAC?
All of the installation instructions for the Spotify Plugins for Backstage are public via npm packages. You can find the documentation specifically for RBAC in this npm package.
How is this different from the open source permissions framework?
The biggest difference between the RBAC offering within the Spotify Plugins for Backstage subscription and the open source permissions framework is that the RBAC plugin is a no-code interface that easily allows anyone within your organization to configure permission policies. This plugin offers a guided policy authoring experience, so that you don't need to dig through code and docs to implement your policy. RBAC provides real-time validation as you build your policy, structured mapping between organization and roles, and a view of all the changes made.
How do I integrate RBAC with my other plugins?
RBAC uses Backstage’s open source permission framework to allow or restrict access. To work with RBAC, other plugins should integrate with the permission framework rather than with RBAC directly. More information on how to configure the permission framework for a plugin can be found here.