This guide is applicable to Dagster Cloud.
In this guide, we'll walk you through adding, removing, and assigning user roles to users in Dagster Cloud.
Organization Admin or Admin permissions are required to add or remove users in Dagster Cloud.
Before you start, note that:
Users are managed on a per-deployment basis. Organization Admins are the exception and have access to the entire organization.
For example, if you have two full deployments (
dev), users who aren't Organization Admins must be added to each deployment to have access.
If using Google for SSO, users must be added in Dagster Cloud before they can log in.
If using a SAML-based solution like Okta, users must be assigned to the Dagster app in the SSO portal to log in. By default, users will be granted Viewer permissions on each deployment. The default role can be adjusted by modifying the
sso_default_role deployment setting.
To add a new user to a deployment:
Sign in to your Dagster Cloud account.
Click the user menu (your icon) > Cloud Settings.
Fill in the following:
Click + Add.
To remove a user from a deployment:
Note: This won't remove users from other deployments. For example, if a user has been added to both
dev but only removed in
prod, they'll still be a user in
With the exception of the Organization Admin role, user roles are set on a per-deployment basis and enforced both in Dagster Cloud and the GraphQL API.
Dagster Cloud currently includes support for four levels of role-based access control:
|Launch, re-execute, terminate, and delete runs of jobs||N||Y||Y||Y|
|Start and stop schedules||N||Y||Y||Y|
|Start and stop sensors||N||Y||Y||Y|
|Launch and cancel backfills||N||Y||Y||Y|
|Create and delete deployments||N||N||N||Y|
|Modify deployments settings||N||Y||Y||Y|
|Create, edit, delete environment variables||N||Y||Y||Y|
|View environment variables values||N||Y||Y||Y|
|Export environment variables||N||Y||Y||Y|
|View code locations||Y||Y||Y||Y|
|Create and remove code locations||N||Y||Y||Y|
|Reload code locations and workspaces||N||Y||Y||Y|
|View agent tokens||N||Y||Y||Y|
|Create agent tokens||N||Y||Y||Y|
|Edit agent tokens||N||Y||Y||Y|
|Revoke agent tokens||N||Y||Y||Y|
|View and create own user tokens||N||Y||Y||Y|
|List all user tokens||N||N||Y||Y|
|Revoke all user tokens||N||N||Y||Y|