Access Control & Roles
Manage users, permissions, and operational access across workflows, integrations, and teams.
Cascades helps organizations control who can build workflows, trigger executions, manage integrations, and access sensitive operational systems.
Role-based access helps teams maintain security without slowing down workflow operations.
This is especially important when workflows interact with critical systems, customer environments, financial processes, or infrastructure.
See Authentication & Access Control for platform login and identity access.
Common roles
Most teams organize access around operational responsibilities.
| Role | Typical permissions |
|---|---|
| Viewer | View workflows, runs, dashboards, and proof records |
| Operator | Trigger workflows, monitor executions, and manage workflow operations |
| Builder | Create workflows, manage integrations, and publish workflow updates |
| Admin | Manage users, permissions, integrations, and organization settings |
This helps teams separate workflow design from operational execution.
Team access
Organizations often separate workflows by:
- department
- business unit
- environment
- operational team
- customer group
This helps reduce unnecessary access across unrelated systems.
Examples:
- security teams manage incident workflows
- finance teams manage billing workflows
- platform teams manage infrastructure workflows
Integration permissions
External systems should only receive the access they need.
Examples include:
- repository-specific access
- limited API credentials
- scoped webhook permissions
- restricted communication channels
This helps reduce operational risk.
Identity integration
Organizations can connect existing identity systems using:
- OIDC
- SAML
- enterprise SSO providers
Examples may include:
- :contentReference[oaicite:0]0
- :contentReference[oaicite:1]1
- :contentReference[oaicite:2]2 Azure AD
- :contentReference[oaicite:3]3
See Identity Provider Configuration.
Service accounts
Teams often use service accounts for:
- CI/CD workflows
- infrastructure automation
- API integrations
- system-to-system workflows
These accounts should use limited permissions and regularly rotated credentials.
Operational safety
Separating administrative access from day-to-day workflow execution helps reduce operational mistakes.
This is especially important for workflows involving:
- infrastructure changes
- customer provisioning
- financial workflows
- compliance systems
Recommended approach
Most organizations follow this model:
This helps teams scale workflow access while maintaining stronger operational controls.