Access & Permissions

---

Customers can create service accounts and invite collaborators to their workspaces, and assign specific permissions that restrict their actions in the workspace. Collaborators and service accounts are managed on the Access & Permissions page in the Errthquake portal.

Permissions

Permissions must be granted for all users to execute actions in a workspace. The workspace creator is automatically granted all permissions by default, but they can remove their own permissions as well.

Workspace Permissions

• Create Tests: Permission to create, view and edit test inputs, objects, and configurations.
• Execute Tests: Permission to execute tests.
• View Test Inputs: Permission to view CSV test inputs.
• View Test Configs: Permission to view YAML test configurations.
• View Test Results: Permission to view test results.
• Manage Service Accounts: Permission to create and delete service accounts, and to update their permissions.
• Manage Collaborators: Permission to invite and remove collaborators, and to update their permissions.
• Manage Environment Variables: Permission to create, update, and delete environment variables.
• Manage Secrets: Permission to create, updae, and delete secrets.

Service Accounts

Multiple service accounts can be created in a workspace. Each service account has its own permission set that specifies what actions it can execute.

When a service account is created, an Authorization token is displayed. The token value is unique to the service account and should be used in an Authorization header in HTTP requests made to the Errthquake API.

The Authorization token is only displayed once, when the service account is created. The Authorization token does not expire.

Service account permissions can be updated and the service account can be deleted by customers who have permission to manage service accounts.

Collaborators

Customers can invite collaborators to their workspace. Collaborator permissions are configured when an invitation is sent.

Collaborators must accept an invitation in order to join a workspace. Collaborators who have not yet accepted an invitation can be uninvited.

Once a collaborator has joined a workspace, their permissions specify what actions they can execute.

Notes on Managing Collaborators

The Manage Collaborators permission is effectively the workspace administrator permission. Multiple customers can hold this permission in a workspace.

A customer can remove their own Manage Collaborators permission, unless they are the only collaborator who holds the permission. One customer must always be able to manage collaborators in a workspace.