Version: User Guides (Cloud)

User Roles

In Zilliz Cloud, Role-based Access Control (RBAC) defines permissions at three levels: organizations, projects, and clusters. Organization and project owners use it to manage user roles and access.

For a deeper understanding of how organizations and projects are structured, refer to Resource Hierarchy.

Organization roles

To manage access and actions at the organization level, Zilliz Cloud provides two organization roles, which determine who can access which modules and perform which actions.

  • Organization Owner: has full administration access to the organization, including organization settings, all projects in the organization, and associated resources.

  • Organization Member: has limited access to the organization, where they can view organization settings and invite users to join the organization. An organization member's permissions on project- and cluster-level resources are determined by their project roles.

Project roles

At the project level, two roles are introduced to enable finer-grained access control:

  • Project Owner: has full administration access to the project, including project settings, all clusters in the project, and associated resources.

  • Project Member: has read and write access to clusters within the project, where they can view cluster details and manage collections and indexes.

Cluster built-in roles

Default user with Admin role

When a cluster is created in Zilliz Cloud, a default cluster user named db_admin is created with it. Zilliz Cloud automatically generates the password for this user. Because it holds the Admin role, the db_admin user has full access to all cluster-level resources and operations.

📘Notes

The creator of the cluster is automatically assigned the Admin role.

Additional users with built-in roles

In addition to the default db_admin user, you can also add and manage extra cluster users, each with distinct built-in roles.

The system categorizes cluster built-in roles into the following types, each defining the extent of permissions for cluster users:

  • Admin: Full control over the cluster and associated resources.

  • Read-Write: Permission to read, write, and manage collections and indexes within the cluster.

  • Read-Only: Viewing rights for most cluster resources, but no creation, modification, or deletion capabilities.

To manage cluster users with various roles, see Manage Cluster Credentials.

📘Notes

  • These built-in roles are only applicable to serverless and dedicated clusters. Free clusters support only the Read-Write role. For more information on cluster types, see Select the Right Cluster Plan.

  • If you encounter an error while using the built-in roles feature with a dedicated cluster, please contact us for troubleshooting assistance.

Access levels

For each platform role, the entries below list the UI operations and the API operations it grants.

Organization & Project

Organization Owner

Grants full access to the organization:

RESTful

Project Owner

Grants full access to the project:

RESTful

Project Member

Grants read/write access to clusters in the project:

  • View clusters and pipelines, but cannot create or manage them.

  • Manage collections & indexes.

  • View backup files, but cannot create or restore from a backup.

  • View project jobs, but cannot cancel jobs or retry failed jobs.

RESTful

Cluster Built-in Role

Admin (db_admin)

Grants full access to the cluster.

RESTful

  • Collection (list, create, describe, drop)

  • Vector (delete, insert, search, query, get, upsert)

SDKs (Python, Java, Go, Node.js)

  • Credential (create, delete, list, update, addUserToRole, selectUser)

  • Alias (create, drop, describe, alter, list)

  • System (getVersion, checkHealth)

  • Collection (create, drop, describe, show, load, release, flush, getFlushState, compaction, getStatistics, rename)

  • Partition (create, drop, hasPartition, load, release, show)

  • Index (create, drop, getIndexState, getIndexBuildProgress, describeIndex)

  • Vector (search, insert, delete, get, query)

Read-Write (db_rw)

Grants read/write access to the cluster.

RESTful

  • Collection (list, create, describe, drop)

  • Vector (delete, insert, search, query, get, upsert)

SDKs (Python, Java, Go, Node.js)

  • System (getVersion, checkHealth)

  • Alias (create, drop, describe, alter, list)

  • Collection (create, drop, describe, show, load, release, flush, getFlushState, rename)

  • Partition (create, drop, hasPartition, load, release, show)

  • Index (create, drop, getIndexState, getIndexBuildProgress, describeIndex)

  • Vector (search, insert, delete, get, query)

Read-Only (db_ro)

Grants read-only access to the cluster.

RESTful

  • Collection (list, describe)

  • Vector (search, query, get)

SDKs (Python, Java, Go, Node.js)

  • Alias (describe, list)

  • System (getVersion, checkHealth)

  • Collection (describe, show, load)

  • Partition (hasPartition, show)

  • Index (getIndexState, getIndexBuildProgress, describeIndex)

  • Vector (search, get, query)
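
As an added example (not part of the Zilliz Cloud documentation or SDK), the SDK operation lists above can be encoded as data to choose the least-privileged built-in role for a workload and to see exactly what a move to a higher role adds. The function names are hypothetical, and the script makes no API calls.

```python
# Added example: SDK operations per built-in cluster role, transcribed from
# the access-level lists on this page. No Zilliz Cloud API is called.
IDX_READ = {"getIndexState", "getIndexBuildProgress", "describeIndex"}
SYSTEM = {"getVersion", "checkHealth"}

DB_RO = {
    "Alias": {"describe", "list"},
    "System": SYSTEM,
    "Collection": {"describe", "show", "load"},
    "Partition": {"hasPartition", "show"},
    "Index": IDX_READ,
    "Vector": {"search", "get", "query"},
}
DB_RW = {
    "Alias": {"create", "drop", "describe", "alter", "list"},
    "System": SYSTEM,
    "Collection": {"create", "drop", "describe", "show", "load", "release",
                   "flush", "getFlushState", "rename"},
    "Partition": {"create", "drop", "hasPartition", "load", "release", "show"},
    "Index": {"create", "drop"} | IDX_READ,
    "Vector": {"search", "insert", "delete", "get", "query"},
}
DB_ADMIN = dict(
    DB_RW,
    Credential={"create", "delete", "list", "update", "addUserToRole", "selectUser"},
    Collection=DB_RW["Collection"] | {"compaction", "getStatistics"},
)
# Ordered from least to most privileged.
ROLES = [("db_ro", DB_RO), ("db_rw", DB_RW), ("db_admin", DB_ADMIN)]


def flatten(perms):
    """Turn {resource: {ops}} into a set of (resource, op) pairs."""
    return {(res, op) for res, ops in perms.items() for op in ops}


def least_privileged_role(required):
    """Return (role, unused_grants) for the first role covering `required`."""
    need = set(required)
    for name, perms in ROLES:
        granted = flatten(perms)
        if need <= granted:
            return name, granted - need
    missing = sorted(need - flatten(DB_ADMIN))
    raise ValueError(f"not granted by any built-in role: {missing}")


def gained(lower, higher):
    """Operations a user gains when moved from `lower` to `higher`."""
    roles = dict(ROLES)
    return flatten(roles[higher]) - flatten(roles[lower])
```

`gained("db_rw", "db_admin")` shows that, in the SDK lists on this page, Admin differs from Read-Write only by the Credential operations and two Collection operations, so a workload that needs none of these can run as db_rw.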