Managing permissions

The Method Platform includes administrative controls for managing permissions within the system. Platform administrators can manage group membership and the permissions that each group has in relation to platform resources.

---

Group membership administration

If your Method instance uses SCIM to sync groups from your identity provider, then group membership cannot be altered within the platform, and is controlled by your identity provider.

If your Method instance does not use SCIM, then a platform administrator can use the Groups page to create and delete groups, and the Members tab of the same page to add or remove users from those groups.

Permission management

The Method Platform uses Relationship Based Access Control (ReBAC) to specify which level of access each group has in relation to different platform resources. This is a similar authorization model to Role Based Access Control (RBAC), but is more flexible and granular, as a group can be granted different levels of access to different resources. For example, a group can be granted read permissions on some environments, edit permissions on others, and denied access to the rest.

Platform administrators can use the Permissions tab of the Groups page to specify the permissions that each group has in relation to different platform resources.

Access levels

Access controls within the Method Platform are primarily defined at the Environment level. Each environment has these levels of access, each of which can be assigned to different groups by platform administrators.

A platform administrator can view the access level of each group for an environment on the Permissions tab of the Environments page.

Other resource types and granularities of data access will be documented as they are added to the platform.