User Roles
In Zilliz Cloud, Role-based Access Control (RBAC) is pivotal for delineating permissions across organizations, projects, and clusters. This system allows organization and project admins to efficiently manage user roles and access, maintaining streamlined operations and security.
For a deeper understanding of how organizations and projects are structured, refer to Resource Hierarchy.
Organization roles
To manage access and actions at the organization level, Zilliz Cloud introduces two organization roles, delineating who can access which modules and perform specified actions.
- Organization Owner: has full administration access to the organization, including organization settings, all projects in the organization, and associated resources.
- Billing Admin: has full administration access to the organization billing, where they can view and edit organization billing information and receive email notifications related to billing. However, their access to organization resources such as projects and clusters is limited.
- Organization Member: has limited access to the organization, where they can view organization settings and invite users to join the organization. An organization member's permissions on project- and cluster-level resources are determined by their project roles.
Project roles
At the project level, the following roles are introduced to enable finer-grained access control:
- Project Admin: has full administration access to the project, where they can manage project settings such as collaborators, create and manage clusters in the project, and manage associated resources.
- Project Read-Write: has read and write access to existing clusters within the project, where they can view cluster details, manage collections and indexes, and perform CRUD operations. However, they cannot invite or remove project collaborators, or create or manage clusters.
- Project Read-Only: has read-only permissions on existing clusters within the project, where they can view project resources only.
📘 Notes
- Users with the project read-only role may still have write access to serverless and free clusters. To restrict this access, you can set up cluster roles for these clusters.
- Users with the project read-only role are unable to use Pipelines.
Cluster built-in roles
Default user with Admin role
Upon the creation of a cluster in Zilliz Cloud, a default cluster user, named db_admin, is established. Zilliz Cloud automatically generates the password for this user. Equipped with the Admin role, the db_admin user has full access to all cluster-level resources and operations.
The creator of the cluster is automatically assigned the Admin role.
Additional users with built-in roles
In addition to the default db_admin user, you can also add and manage extra cluster users, each with distinct built-in roles.
The system categorizes cluster built-in roles into the following types, each defining the extent of permissions for cluster users:
- Admin: Full control over the cluster and associated resources.
- Read-Write: Permission to read, write, and manage collections and indexes within the cluster.
- Read-Only: Viewing rights for most cluster resources, but no creation, modification, or deletion capabilities.
To manage cluster users with various roles, see Manage Cluster Credentials.
- These built-in roles are only applicable to serverless and dedicated clusters. Free clusters support only the Read-Write role. For more information on cluster types, see Select the Right Cluster Plan.
- If you encounter an error while using the built-in roles feature with a dedicated cluster, please contact us for troubleshooting assistance.
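The two plan-related notes above (Project Read-Only members keeping write access on serverless and free clusters, and free clusters supporting only the Read-Write role) can be checked mechanically. The following is an added example, not Zilliz Cloud code: it audits a constructed inventory whose layout, field names, and `audit` function are assumptions, and it treats "cluster roles set up" as the presence of a Read-Only cluster user.

```python
# Added example: audit of a constructed inventory for the two plan caveats in
# the notes above. Field names and layout are assumptions, not a Zilliz Cloud API.

# Plans where Project Read-Only members may still have write access (per the note).
WRITE_LEAK_PLANS = {"free", "serverless"}
# Plans where the Admin / Read-Write / Read-Only built-in roles apply (per the note).
BUILTIN_ROLE_PLANS = {"serverless", "dedicated"}

def audit(members, clusters):
    """Return sorted (cluster, affected_users, issue) findings."""
    ro_by_project = {}
    for m in members:
        if m["role"] == "Project Read-Only":
            ro_by_project.setdefault(m["project"], []).append(m["user"])
    findings = []
    for c in clusters:
        users = tuple(sorted(ro_by_project.get(c["project"], [])))
        if not users or c["plan"] not in WRITE_LEAK_PLANS:
            continue  # no read-only members, or plan not named in the note
        if c["plan"] not in BUILTIN_ROLE_PLANS:
            issue = "plan offers no Read-Only cluster role"
        elif "Read-Only" not in c["cluster_users"].values():
            # Assumption: "set up cluster roles" means a Read-Only cluster user exists.
            issue = "no Read-Only cluster user set up"
        else:
            continue
        findings.append((c["name"], users, issue))
    return sorted(findings)

# Constructed sample data.
MEMBERS = [
    {"user": "ana@example.com", "project": "search", "role": "Project Read-Only"},
    {"user": "bo@example.com", "project": "search", "role": "Project Admin"},
    {"user": "cy@example.com", "project": "ads", "role": "Project Read-Write"},
]
CLUSTERS = [
    {"name": "search-prod", "plan": "dedicated", "project": "search",
     "cluster_users": {"db_admin": "Admin"}},
    {"name": "search-dev", "plan": "serverless", "project": "search",
     "cluster_users": {"db_admin": "Admin"}},
    {"name": "search-poc", "plan": "free", "project": "search",
     "cluster_users": {"app": "Read-Write"}},
    {"name": "ads-dev", "plan": "serverless", "project": "ads",
     "cluster_users": {"db_admin": "Admin", "reporting": "Read-Only"}},
]

if __name__ == "__main__":
    for cluster, users, issue in audit(MEMBERS, CLUSTERS):
        print(f"{cluster}: {issue} (affects {', '.join(users)})")
```

The free-plan finding cannot be cleared by adding a cluster user, since that plan has no Read-Only role to assign.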
Access levels
Platform Role | UI Operation | API Operation |
---|---|---|
Organization & Project | ||
Organization Owner | Grants full access to the organization and associated resources: | RESTful (V2) |
Billing Admin | Grants full access to the organization billing only: | N/A |
Project Admin | Grants full access to the project: | RESTful (V2) |
Project Read-Write | Grants read/write access to clusters in the project: | RESTful (V2) |
Project Read-Only | Grants read-only access to clusters in the project: | RESTful (V2) |
Cluster Built-in Role | ||
Admin ( | Grants full access to the cluster. | RESTful (V2) |
Read-Write ( | Grants read/write access to the cluster. | RESTful (V2) |
Read-Only ( | Grants read-only access to the cluster. | RESTful (V2) |