Role-Based Access Control with Ory Keto
We're excited to announce a major security enhancement to Thevenin: Role-Based Access Control (RBAC) powered by Ory Keto. This feature introduces fine-grained permission management for your company workspaces.
New Company Roles
Thevenin now supports three distinct roles within company namespaces:
| Role | Description | Permissions |
|---|---|---|
| Owner | The company creator | Full access including company deletion |
| Admin | Trusted administrators | Manage resources, users, and settings |
| Member | Team members | Access and deploy to assigned environments |
Company Namespaces
Each company in Thevenin now operates within its own secure namespace:
- Clear Boundaries: Your company's resources are completely separate from others
- Centralized Management: All permissions are managed at the company level
- Audit Ready: Track who has access to what within your organization
Role Hierarchy
The three roles follow a simple hierarchy:
Owner → Admin → Member
- Owners can perform all actions, including deleting the company and managing all team members
- Admins can manage resources and invite new members, but cannot delete the company
- Members can access and work with resources they've been granted access to
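The hierarchy above can be expressed as a check over Keto-style relation tuples (namespace, object, relation, subject). The following is an added example, not Thevenin's or Ory's code. The namespace, relation, and action names, the sample users, and the rule that admins and owners may deploy to any environment in their own company are all assumptions made for illustration.

```python
from typing import NamedTuple

class RelationTuple(NamedTuple):
    namespace: str  # hypothetical namespaces: "Company", "Environment"
    obj: str
    relation: str
    subject: str

# Owner -> Admin -> Member: a role also satisfies every role to its right.
ROLE_ORDER = ["owner", "admin", "member"]

# Minimum role per company-level action, following the roles table (names assumed).
REQUIRED_ROLE = {
    "delete_company": "owner",
    "manage_resources": "admin",
    "invite_member": "admin",
}

# Constructed sample data: two companies and one environment assignment.
TUPLES = {
    RelationTuple("Company", "acme", "owner", "alice"),
    RelationTuple("Company", "acme", "admin", "bob"),
    RelationTuple("Company", "acme", "member", "carol"),
    RelationTuple("Company", "globex", "owner", "dave"),
    RelationTuple("Environment", "acme/prod", "assignee", "carol"),
}

def has_role(tuples, company, subject, role):
    """True if subject holds `role`, or a higher role, in this company only."""
    allowed = ROLE_ORDER[: ROLE_ORDER.index(role) + 1]
    return any(RelationTuple("Company", company, r, subject) in tuples for r in allowed)

def check(tuples, company, subject, action):
    """Company-level permission check; unknown actions are denied by default."""
    role = REQUIRED_ROLE.get(action)
    return role is not None and has_role(tuples, company, subject, role)

def can_deploy(tuples, company, env, subject):
    """Members deploy only to environments they are assigned to.
    Assumption: admins and owners may deploy to any environment in their company."""
    if has_role(tuples, company, subject, "admin"):
        return True
    assigned = RelationTuple("Environment", f"{company}/{env}", "assignee", subject) in tuples
    return assigned and has_role(tuples, company, subject, "member")
```

Because every lookup is keyed on the company, an owner of one company gets no access in another, and an environment assignment without company membership is not enough to deploy.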
Benefits
Enhanced Security
- Fine-grained access control prevents unauthorized actions
- Principle of least privilege is easy to implement
- Clear separation of duties within your team
Better Team Collaboration
- Invite team members with appropriate access levels
- Delegate administrative tasks without giving full control
- Onboard new developers safely as members first
Compliance Ready
- Clear audit trail of who can access what
- Easy to demonstrate access controls for compliance requirements
- Role assignments are tracked and verifiable
Have questions about role-based access control? Check out our documentation or reach out through support.