Version: User Guides (Cloud)

User Roles

In Zilliz Cloud, role-based access control (RBAC) defines permissions across organizations, projects, and clusters. Organization and project admins use it to manage user roles and access.

For a deeper understanding of how organizations and projects are structured, refer to Resource Hierarchy.

Organization roles

To manage access and actions at the organization level, Zilliz Cloud introduces two organization roles, delineating who can access which modules and perform specified actions.

  • Organization Owner: has full administration access to the organization, including organization settings, all projects in the organization, and associated resources.

  • Organization Member: has limited access to the organization, where they can view organization settings and invite users to join the organization. An organization member's permissions on project- and cluster-level resources are determined by their project roles.

Project roles

At the project level, the following roles are introduced to enable finer-grained access control:

  • Project Admin: has full administration access to the project, where they can manage project settings such as collaborators, create and manage clusters in the project, and manage associated resources.

  • Project Read-Write: has read and write access to existing clusters within the project, where they can view cluster details, manage collections and indexes, and perform CRUD operations. However, they cannot invite or remove project collaborators, or create or manage clusters.

  • Project Read-Only: has read-only permissions on existing clusters within the project, where they can view project resources only.

    📘Notes
    • Users with the project read-only role may still have write access to serverless and free clusters. To restrict this access, you can set up cluster roles for these clusters.

    • Users with the project read-only role are unable to use Pipelines.

Cluster built-in roles

Default user with Admin role

Upon the creation of a cluster in Zilliz Cloud, a default cluster user, named db_admin, is established. Zilliz Cloud automatically generates the password for this user. Equipped with the Admin role, the db_admin user has full access to all cluster-level resources and operations.

📘Notes

The creator of the cluster is automatically assigned the Admin role.

Additional users with built-in roles

In addition to the default db_admin user, you can also add and manage extra cluster users, each with distinct built-in roles.

The system categorizes cluster built-in roles into the following types, each defining the extent of permissions for cluster users:

  • Admin: Full control over the cluster and associated resources.

  • Read-Write: Permission to read, write, and manage collections and indexes within the cluster.

  • Read-Only: Viewing rights for most cluster resources, but no creation, modification, or deletion capabilities.

To manage cluster users with various roles, see Manage Cluster Credentials.

📘Notes

  • These built-in roles are only applicable to serverless and dedicated clusters. Free clusters support only the Read-Write role. For more information on cluster types, see Select the Right Cluster Plan.

  • If you encounter an error while using the built-in roles feature with a dedicated cluster, please contact us for troubleshooting assistance.

Access levels

| Platform Role | | UI Operation | API Operation |
| --- | --- | --- | --- |
| Organization & Project | Organization Owner | Grants full access to the organization and associated resources: | RESTful (V2) |
| | Project Admin | Grants full access to the project: | RESTful (V2) |
| | Project Read-Write | Grants read/write access to clusters in the project: view clusters and pipelines, but cannot create or manage them; manage collections & indexes; view backup files, but cannot create or restore from a backup; view project jobs, but cannot cancel jobs or retry failed jobs. | RESTful (V2) |
| | Project Read-Only | Grants read-only access to clusters in the project: view clusters and pipelines, but cannot create or manage them; view collections & indexes only; view backup files, but cannot create or restore from a backup; view project jobs, but cannot cancel jobs or retry failed jobs. | RESTful (V2) |
| Cluster Built-in Role | Admin (db_admin) | Grants full access to the cluster. | RESTful (V2) |
| | Read-Write (db_rw) | Grants read/write access to the cluster. | RESTful (V2) |
| | Read-Only (db_ro) | Grants read-only access to the cluster. | RESTful (V2) |