Skip to main content

Manage user permissions in Astro

To better protect your data pipelines and cloud infrastructure, Astro offers role-based access control for Organizations and Workspaces. Each Astro user has a Workspace role in each Workspace they belong to, plus a single Organization role. Role-based access control is not available for Deployments.

Organization roles

An Organization role grants a user some level of access to an Astro Organization, including all of the Workspaces within that Organization. All users have an Organization role regardless of whether they belong to a Workspace. The following table lists the available Organization roles:

PermissionOrganization MemberOrganization Billing AdminOrganization Owner
View Organization details and user membership✔️✔️✔️
View lineage data in the Lineage tab✔️✔️✔️
Create a new Workspace✔️✔️✔️
Update Organization billing information and settings✔️✔️
View usage for all Workspaces in the Usage tab✔️✔️
Workspace Admin permissions to all Workspaces✔️
Update roles and permissions of existing Organization users✔️
Invite a new user to an Organization✔️
Remove a user from an Organization✔️

Update Organization roles

  1. In the Cloud UI, click the People tab.
  2. Find the user in the table and click Edit. The Members table lists all users that have been added to a Workspace in your Organization. If you can't find a user, it might be because they haven't been invited to a Workspace or accepted their invite.

Workspace roles

A Workspace role grants a user some level of access to a specific Workspace. The following table lists the available Workspace roles:

PermissionWorkspace ViewerWorkspace EditorWorkspace Admin
View Workspace users✔️✔️✔️
View all Deployments in the Cloud UI✔️✔️✔️
View DAGs in the Airflow UI✔️✔️✔️
View Airflow task logs✔️✔️✔️
View Astro Cloud IDE projects✔️✔️✔️
Update Deployment configurations✔️✔️
Manually trigger DAG and task runs✔️✔️
Pause or unpause a DAG✔️✔️
Clear/mark a task instance or DAG run✔️✔️
Push code to Deployments✔️✔️
Create and Delete Deployments✔️✔️
Create, Update and Delete Environment Variables✔️✔️
Create, update, and delete Astro Cloud IDE projects✔️✔️
Create, Update and Delete API Keys✔️
View Airflow connections and Variables✔️
Update user roles and permissions✔️
Update Airflow connections and Variables✔️
Invite users to a Workspace✔️

Update Workspace roles

Workspace Admins can set user roles on the Access tab in the Cloud UI. See Manage Workspaces.


If a user changes Workspace roles, it can take a maximum of 10 minutes for corresponding Airflow permission changes to take effect.