Version: User Guides (BYOC)

User Roles

In Zilliz Cloud, Role-based Access Control (RBAC) is pivotal for delineating permissions across organizations, projects, and clusters. This system allows organization and project admins to efficiently manage user roles and access, maintaining streamlined operations and security.

For a deeper understanding of how organizations and projects are structured, refer to Resource Hierarchy.

Organization roles

To manage access and actions at the organization level, Zilliz Cloud introduces two organization roles, delineating who can access which modules and perform specified actions.

  • Organization Owner: has full administration access to the organization, including organization settings, all projects in the organization, and associated resources.

  • Billing Admin: has full administration access to the organization billing, where they can view and edit organization billing information and receive email notifications related to billing. However, their access to organization resources such as projects and clusters is limited.

  • Organization Member: has limited access to the organization, where they can view organization settings and invite users to join the organization. An organization member's permissions on project- and cluster-level resources are determined by their project roles.

Project roles

At the project level, the following roles are introduced to enable finer-grained access control:

  • Project Admin: has full administration access to the project, where they can manage project settings such as collaborators, create and manage clusters in the project, and manage associated resources.

  • Project Read-Write: has read and write access to existing clusters within the project, where they can view cluster details, manage collections and indexes, and perform CRUD operations. However, they cannot invite or remove project collaborators, or create or manage clusters.

  • Project Read-Only: has read-only permissions on existing clusters within the project, where they can view project resources only.

    📘Notes
    • Users with the project read-only role may still have write access to serverless and free clusters. To restrict this access, you can set up cluster roles for these clusters.

    • Users with the project read-only role are unable to use Pipelines.

Cluster built-in roles

Default user with Admin role

Upon the creation of a cluster in Zilliz Cloud, a default cluster user, named db_admin, is established. Zilliz Cloud automatically generates the password for this user. Equipped with the Admin role, the db_admin user has full access to all cluster-level resources and operations.

📘Notes

The creator of the cluster is automatically assigned the Admin role.

Additional users with built-in roles

In addition to the default db_admin user, you can also add and manage extra cluster users, each with distinct built-in roles.

The system categorizes cluster built-in roles into the following types, each defining the extent of permissions for cluster users:

  • Admin: Full control over the cluster and associated resources.

  • Read-Write: Permission to read, write, and manage collections and indexes within the cluster.

  • Read-Only: Viewing rights for most cluster resources, but no creation, modification, or deletion capabilities.

To manage cluster users with various roles, see Manage Cluster Credentials.

📘Notes

  • If you encounter an error while using the built-in roles feature with a cluster, please contact us for troubleshooting assistance.

Access levels

Platform Role

UI Operation

API Operation

Organization & Project

Organization Owner

Grants full access to the organization and associated resources:

RESTful (V2)

N/A

Project Admin

Grants full access to the project:

  • Manage clusters in the project;
  • Manage project users;
  • Manage project alerts;
  • Full permission on backup & restore;
  • View and manage project jobs.

RESTful (V2)

  • Cloud: List Cloud Providers; List Cloud Regions
  • Import: Create Import Jobs; List Import Jobs; Get Import Job Progress
  • Cluster: List Clusters; List Projects; Describe Cluster; Create Dedicated Cluster; Create Serverless Cluster; Create Free Cluster; Drop Cluster; Suspend Cluster; Resume Cluster; Modify Cluster; Query Cluster Metrics
  • Vector: Delete, Insert, Upsert; Query, Search, Hybrid Search, Get
  • Collection: List Collections; Create Collection; Describe Collection; Drop Collection; Has Collection; Get Collection Stats; Rename Collection; Load Collection; Release Collection; Get Collection Load State
  • Index: Create Index, Drop Index; Describe Index, List Indexes
  • Partition: List Partitions, Has Partition, Get Partition Statistics; Create Partition, Load Partitions, Release Partitions, Drop Partition
  • Role: List Roles, Describe Role
  • Alias: List Aliases, Describe Alias; Alter Alias, Drop Alias, Create Alias
  • User: Create User, Drop User, Update User Password, Grant Role To User, Revoke Role From User; Describe User, List Users
  • Backup & Restore: List Backups, Describe Backup, Get Backup Policy; Create Backup, Delete Backup, Set Backup Policy, Restore Cluster Backup, Restore Collection Backup
  • Migration: Migrate to New Cluster; Migrate to Existing Cluster
  • Job Center: Describe Job

SDKs (Python, Java, Go, Node.js)

  • Authentication: create_role, create_user, drop_role, drop_user, grant_privilege, grant_role, revoke_privileges, revoke_role, update_password; describe_role, describe_user, list_roles, list_users
  • Collection: alter_alias, create_alias, drop_alias, create_collection, create_schema, drop_collection, rename_collection; describe_alias, describe_collection, get_collection_stats, has_collection, list_aliases, list_collections
  • Management: add_index, create_index, drop_index, load_collection, prepare_index_params, refresh_load, release_collection; describe_index, get_load_state, list_indexes
  • Partition: create_partition, drop_partition, load_partitions, release_partitions; get_partition_stats, has_partition, list_partitions
  • Vector: delete, insert, upsert; get, query, search

Project Read-Write

Grants read/write access to clusters in the project:

  • View clusters, but cannot create or manage them.
  • Manage collections & indexes.
  • View backup files, but cannot create or restore from a backup.
  • View project jobs, but cannot cancel jobs or retry failed jobs.

RESTful (V2)

  • Cloud: List Cloud Providers; List Cloud Regions
  • Import: Create Import Jobs; List Import Jobs; Get Import Job Progress
  • Cluster: List Clusters; List Projects; Describe Cluster; Query Cluster Metrics
  • Vector: Delete, Insert, Upsert; Query, Search, Hybrid Search, Get
  • Collection: List Collections; Create Collection; Describe Collection; Drop Collection; Has Collection; Get Collection Stats; Rename Collection; Load Collection; Release Collection; Get Collection Load State
  • Index: Create Index, Drop Index; Describe Index, List Indexes
  • Partition: List Partitions, Has Partition, Get Partition Statistics; Create Partition, Load Partitions, Release Partitions, Drop Partition
  • Role: List Roles, Describe Role
  • Alias: List Aliases, Describe Alias; Alter Alias, Drop Alias, Create Alias
  • User: Describe User, List Users
  • Backup & Restore: List Backups, Describe Backup, Get Backup Policy
  • Job Center: Describe Job

SDKs (Python, Java, Go, Node.js)

  • Authentication: describe_role, describe_user, list_roles, list_users
  • Collection: alter_alias, create_alias, drop_alias, create_collection, create_schema, drop_collection, rename_collection; describe_alias, describe_collection, get_collection_stats, has_collection, list_aliases, list_collections
  • Management: add_index, create_index, drop_index, load_collection, prepare_index_params, refresh_load, release_collection; describe_index, get_load_state, list_indexes
  • Partition: create_partition, drop_partition, load_partitions, release_partitions; get_partition_stats, has_partition, list_partitions
  • Vector: delete, insert, upsert; get, query, search

Project Read-Only

Grants read-only access to clusters in the project:

  • View clusters, but cannot create or manage them.
  • View collections & indexes only.
  • View backup files, but cannot create or restore from a backup.
  • View project jobs, but cannot cancel jobs or retry failed jobs.

RESTful (V2)

  • Cloud: List Cloud Providers; List Cloud Regions
  • Import: List Import Jobs; Get Import Job Progress
  • Cluster: List Clusters; List Projects; Describe Cluster; Query Cluster Metrics
  • Vector: Query, Search, Hybrid Search, Get
  • Collection: List Collections; Describe Collection; Has Collection; Get Collection Stats; Get Collection Load State
  • Index: Describe Index, List Indexes
  • Partition: List Partitions, Has Partition, Get Partition Statistics
  • Role: List Roles, Describe Role
  • Alias: List Aliases, Describe Alias
  • User: Describe User, List Users
  • Backup & Restore: List Backups, Describe Backup, Get Backup Policy
  • Job Center: Describe Job

SDKs (Python, Java, Go, Node.js)

  • Authentication: describe_role, describe_user, list_roles, list_users
  • Collection: describe_alias, describe_collection, get_collection_stats, has_collection, list_aliases, list_collections
  • Management: describe_index, get_load_state, list_indexes
  • Partition: get_partition_stats, has_partition, list_partitions
  • Vector: get, query, search

Cluster Built-in Role

Admin (db_admin)

Grants full access to the cluster.

RESTful (V2)

  • Vector: Delete, Insert, Upsert; Query, Search, Hybrid Search, Get
  • Collection: List Collections; Create Collection; Describe Collection; Drop Collection; Has Collection; Get Collection Stats; Rename Collection; Load Collection; Release Collection; Get Collection Load State
  • Index: Create Index, Drop Index; Describe Index, List Indexes
  • Partition: List Partitions, Has Partition, Get Partition Statistics; Create Partition, Load Partitions, Release Partitions, Drop Partition
  • Role: List Roles, Describe Role
  • Alias: List Aliases, Describe Alias; Alter Alias, Drop Alias, Create Alias
  • User: Create User, Drop User, Update User Password, Grant Role To User, Revoke Role From User; Describe User, List Users

SDKs (Python, Java, Go, Node.js)

  • Authentication: create_role, create_user, drop_role, drop_user, grant_privilege, grant_role, revoke_privileges, revoke_role, update_password; describe_role, describe_user, list_roles, list_users
  • Collection: alter_alias, create_alias, drop_alias, create_collection, create_schema, drop_collection, rename_collection; describe_alias, describe_collection, get_collection_stats, has_collection, list_aliases, list_collections
  • Management: add_index, create_index, drop_index, load_collection, prepare_index_params, refresh_load, release_collection; describe_index, get_load_state, list_indexes
  • Partition: create_partition, drop_partition, load_partitions, release_partitions; get_partition_stats, has_partition, list_partitions
  • Vector: delete, insert, upsert; get, query, search

Read-Write (db_rw)

Grants read/write access to the cluster.

RESTful (V2)

  • Vector: Delete, Insert, Upsert; Query, Search, Hybrid Search, Get
  • Collection: List Collections; Create Collection; Describe Collection; Drop Collection; Has Collection; Get Collection Stats; Rename Collection; Load Collection; Release Collection; Get Collection Load State
  • Index: Create Index, Drop Index; Describe Index, List Indexes
  • Partition: List Partitions, Has Partition, Get Partition Statistics; Create Partition, Load Partitions, Release Partitions, Drop Partition
  • Role: List Roles, Describe Role
  • Alias: List Aliases, Describe Alias
  • User: Describe User, List Users

SDKs (Python, Java, Go, Node.js)

  • Authentication: describe_role, describe_user, list_roles, list_users
  • Collection: alter_alias, create_alias, drop_alias, create_collection, create_schema, drop_collection, rename_collection; describe_alias, describe_collection, get_collection_stats, has_collection, list_aliases, list_collections
  • Management: add_index, create_index, drop_index, load_collection, prepare_index_params, refresh_load, release_collection; describe_index, get_load_state, list_indexes
  • Partition: create_partition, drop_partition, load_partitions, release_partitions; get_partition_stats, has_partition, list_partitions
  • Vector: delete, insert, upsert; get, query, search

Read-Only (db_ro)

Grants read-only access to the cluster.

RESTful (V2)

  • Vector: Query, Search, Hybrid Search, Get
  • Collection: List Collections; Describe Collection; Has Collection; Get Collection Stats; Get Collection Load State
  • Index: Describe Index, List Indexes
  • Partition: List Partitions, Has Partition, Get Partition Statistics
  • Role: List Roles, Describe Role
  • Alias: List Aliases, Describe Alias
  • User: Describe User, List Users

SDKs (Python, Java, Go, Node.js)

  • Authentication: describe_role, describe_user, list_roles, list_users
  • Collection: describe_alias, describe_collection, get_collection_stats, has_collection, list_aliases, list_collections
  • Management: describe_index, get_load_state, list_indexes
  • Partition: get_partition_stats, has_partition, list_partitions
  • Vector: get, query, search
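
The SDK column for the built-in cluster roles above can drive a least-privilege review of cluster users. The following Python sketch is an added example, not Zilliz Cloud code: it picks the least-privileged built-in role that covers a set of SDK calls and flags assignments that differ from it. The user names and their call sets are constructed sample data, and `minimal_role` and `review` are hypothetical helper names.

```python
# Added example. Operation names are copied from the SDK column of the table above.
READ_OPS = set("""describe_role describe_user list_roles list_users describe_alias
    describe_collection get_collection_stats has_collection list_aliases
    list_collections describe_index get_load_state list_indexes
    get_partition_stats has_partition list_partitions get query search""".split())
WRITE_OPS = set("""alter_alias create_alias drop_alias create_collection create_schema
    drop_collection rename_collection add_index create_index drop_index
    load_collection prepare_index_params refresh_load release_collection
    create_partition drop_partition load_partitions release_partitions
    delete insert upsert""".split())
ADMIN_OPS = set("""create_role create_user drop_role drop_user grant_privilege
    grant_role revoke_privileges revoke_role update_password""".split())
# Built-in cluster roles, ordered from least to most privileged.
ROLES = [
    ("db_ro", READ_OPS),
    ("db_rw", READ_OPS | WRITE_OPS),
    ("db_admin", READ_OPS | WRITE_OPS | ADMIN_OPS),
]

def minimal_role(required_ops):
    """Return the least-privileged built-in role that covers required_ops."""
    unknown = set(required_ops) - ROLES[-1][1]
    if unknown:
        raise ValueError(f"operations not in the table: {sorted(unknown)}")
    return next(name for name, ops in ROLES if set(required_ops) <= ops)

def review(assignments):
    """Compare each user's assigned role with the minimal role for its calls."""
    rank = {name: i for i, (name, _) in enumerate(ROLES)}
    findings = []
    for user, (assigned, required_ops) in sorted(assignments.items()):
        needed = minimal_role(required_ops)
        if rank[assigned] != rank[needed]:
            verdict = "over-privileged" if rank[assigned] > rank[needed] else "insufficient"
            findings.append((user, assigned, needed, verdict))
    return findings

# Constructed sample: cluster user -> (assigned role, SDK calls the workload makes).
SAMPLE = {
    "search_api": ("db_admin", {"search", "query", "has_collection"}),
    "ingest_job": ("db_rw", {"insert", "upsert", "create_partition"}),
    "provisioner": ("db_rw", {"create_user", "grant_role"}),
}

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A search-only service holding db_admin is reported as over-privileged, while a workload that calls `create_user` under db_rw is reported as insufficient rather than silently mapped to a lower role.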