Introducing Role-Based Access Controls #239
yahyafakhroji
started this conversation in
Changelog
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
We've rolled out role-based access control across the portal, so every page, button, and action now reflects the permissions you actually have. Instead of clicking into a resource and hitting an error, controls you can't use are hidden or disabled up front, restricted pages explain what you're missing, and viewers get clean read-only experiences so the portal only shows you what the backend authorizes.
Key Improvements
1. Permission-Aware Everywhere
Create, edit, and delete actions across the portal now are tied to your role. Buttons you can't use are disabled with a clear reason (so you'll always know why!) , and actions you have no access to simply don't appear, eliminating unnecessary confusion and frustration for our users.
2. Clear Restricted States
We've introduced clear restricted states, so instead of a broken link or an empty screen, you'll see a dedicated "restricted" view. Or, in the case of mixed access (e.g. a section you can read but not edit) we've introduced a non-intrusive overlay so you can still see context without misleading affordances.
3. True Read-Only
Viewers now get a true read-only experience. For example, on Secrets you can see key names without edit or delete controls, and "danger zone" cards across detail pages hide destructive actions for users who don't have the permissions to perform them.
4. Coverage Across Organization & Projects
Access control now spans the surfaces you use most:
5. Role Visibility in Your Team
The organization members table now shows a "Roles" column, so you can see at a glance who has which level of access without having to click through to each member.
6. Safe Links & Empty States
Deep links and empty-state shortcuts now honor your permissions too. "Create" deep-links, empty-state call-to-actions, and the project switcher's "Create project" entry are hidden when you don't have the right access, so every path through the portal stays consistent.
Preview
Screen.Recording.2026-06-01.at.17.25.16.mov
Beta Was this translation helpful? Give feedback.
All reactions