Organization Permissions
This page describes the different roles and permissions available within your Ennote organization. Understanding these roles is crucial for managing access and ensuring the security of your resources.
Organization Roles
link
Info
Even Organization Admins *cannot* access secrets stored within individual user private workspaces. These secrets are encrypted and protected, accessible only to the user who created them.
Ennote offers the following organization roles:
- Organization AdminThis role has full control over the organization, including managing users, permissions, billing, and all resources. Use this role sparingly, assigning it only to trusted individuals who require complete administrative access.
- Organization EditorThis role has all the permissions of the Organization Admin *except* for billing management and managing organization-level IAM permissions. This is a good option for users who need broad administrative access but shouldn't manage billing or core identity access.
- Organization ViewerThis role has read-only access to most organization information, similar to the Auditor, but *without* access to IAM permissions. They can have access to all sensitive information within organization.
- Organization Billing AdminThis role has access to the organization's billing information and can manage subscriptions, payments, and invoices. They do *not* have access to other administrative functions.
- Organization AuditorThis role has read-only access to most organization information, allowing them to view logs, activity, and other data for auditing purposes. They *cannot* view IAM permissions or any sensitive information.
- Organization BrowserThis is the default role. Users with this role have basic access to the organization but *do not* have permission to view resources within workspaces. This role is suitable for users who need to be part of the organization but don't require access to specific workspace.
Role Comparison Table
link
| Role | Full Control | Billing Access | IAM Management | Workspace Management | View Resources in Workspaces | View Sensitive Info | Audit logs |
|---|---|---|---|---|---|---|---|
| Organization Admin | check_small | check_small | check_small | check_small | check_small | check_small | check_small |
| Organization Editor | remove | remove | remove | check_small | check_small | check_small | remove |
| Organization Viewer | remove | remove | remove | remove | check_small | check_small | remove |
| Organization Billing Admin | remove | check_small | remove | remove | remove | remove | remove |
| Organization Auditor | remove | remove | remove | remove | check_small | remove | check_small |
| Organization Browser | remove | remove | remove | remove | remove | remove | remove |
Best Practices
link
- Principle of Least Privilege:Grant users only the minimum necessary permissions (better on the workspace level) to perform their tasks. This helps improve security and reduce the risk of accidental or malicious changes.
- Regularly Review Permissions:Periodically review the roles assigned to users to ensure they still align with their current responsibilities
- Secret Security:Remember that even Organization Admins cannot access secrets stored in user private workspaces. This design ensures the highest level of security for sensitive information.
Need Help?
link
If you encounter any issues or have questions, don’t hesitate to contact support. Our team is here to assist you with any challenges you might face.
© 2025 Ennote.io. All Rights Reserved.