Roles and Permissions

Understand the permission model and configure fine-grained access control for your organization.

Permission Model

Lucaro uses a role-based access control (RBAC) model with two levels:

Workspace-Level Roles

Control access to workspace settings, members, and billing. Applied to all projects in the workspace.

Project-Level Roles

Control access to specific projects, dashboards, and data within a workspace.

Permission Matrix

PermissionOwnerAdminEditorViewer
Workspace
View workspaceYesYesYesYes
Manage membersYesYesNoNo
Manage billingYesNoNoNo
Delete workspaceYesNoNoNo
Projects
Create projectsYesYesNoNo
Edit project settingsYesYesNoNo
Manage integrationsYesYesNoNo
Content
View dashboardsYesYesYesYes
Create dashboardsYesYesYesNo
Edit dashboardsYesYesYesNo
Manage metrics registryYesYesYesNo
Create alertsYesYesYesNo
Export dataYesYesYesYes

Custom Roles (Enterprise)

Enterprise plans can create custom roles with specific permissions:

curl -X POST "https://api.lucaro.dev/v2/workspace/{workspaceId}/roles" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Analyst",
    "permissions": [
      "dashboards:read",
      "dashboards:create",
      "metrics:read",
      "exports:create"
    ]
  }'

Next Steps

User Management

Invite and manage team members

SSO Configuration

Set up enterprise authentication