Skip to content
|
search
Kong Konnect

Teams and Roles

Many organizations have strict security requirements. For example, organizations need the ability to segregate the duties of an administrator to ensure that a mistake or malicious act by one administrator doesn’t cause an outage.

To help secure and govern your environment, Konnect provides the ability to manage authorization with teams and roles. You can use Konnect’s predefined teams for a standard set of roles, or create custom teams with any roles you choose. Invite users and add them to these teams to manage user access.

Teams and roles

You can find a list of all teams in your organization through organizations icon Organization > Teams in Konnect.

You must be part of the Organization Admin team to manage users, teams, and roles.

  • Team: A group of users with access to the same roles. Teams are useful for assigning access by functionality, as they can provide granular access to any group of Konnect resources based on roles. As well, access to specific runtime groups and services can be shared with teams.

  • Role: Predefined access to a particular resource instance, or all instances of a resource type (for example, a particular service or all services).

When you create a Konnect account, you are automatically added to the Organization Admin team, which is one of the predefined teams in Konnect. Predefined teams have sets of roles that can’t be modified or deleted. You can add users to these teams, or create your own custom teams with any of the supported roles.

Access precedence

Users can be part of any number of teams, and the roles gained from the teams are additive. For example, if you add a user to both the Service Developer and Portal Viewer teams, the user can create and manage services through the Service Hub and register applications through the Dev Portal.

If two roles provide access to the same entity, the role with more access takes effect. For example, if you have the Service Admin and Service Deployer roles on the same service, the Service Admin role takes precedence.

Get started with access management