We are excited to release the Per-Member Authorization feature that introduces roles to the FGA Dashboard! This allows you to grant appropriate levels of access based on users’ needs.
We are enhancing the permission model from a single admin to Groups that can be assigned roles. Groups are an organizational container for managing permissions and offer convenience when assigning roles to multiple users at once.
- New Roles: We are introducing three new granular roles to sit alongside the previous admin role (now renamed Account Owner):
- Group Manager: An account-level role for managing teams without accessing FGA stores directly.
- Store Editor: A store-level role that can modify models and tuples but cannot manage groups.
- Store Viewer: A read-only role useful for ops teams or sales engineers who need visibility without the ability to impact systems.
- Groups: Account Owners or Group Managers can create groups (ex., "IT Group" or "Dev Team") and assign members to them. All members automatically inherit the permissions defined at the group level.
- Scoping: Crucially, these roles can be scoped to specific stores. For example, this allows a single user, to be an Editor for a "Staging" store but restricted to Viewer for a "Production" store.
For more details, refer to Auth0 FGA Dashboard’s Roles documentation.