User Roles
User roles are a collection of permissions that can be assigned to individual users using the symflow
CLI.
Overview
The three user roles available at Sym are:
admin
member
guest
To check your role from Slack, run /sym whoami
:

User creation defaults
- Users in your primary domain, or whose email domains have been added via
symflow
will be created withmember
roles. - Users in your Slack Workspace who do not share your primary domain and whose email domains have not been added via
symflow
will be created withguest
roles - Users must be explicitly granted
admin
privileges by other Admins
For more information about Roles and Domains, see Working With Multiple User Domains
Role details
admin
Role
admin
RoleThe admin
role enables a User to interact fully with the symflow
CLI, including:
- Full CRUD for Services, Users, Resources, and Domains
- Setting Roles for other Users (e.g. creating other
admin
Users) - Applying Terraform to update an Organization's Sym configuration.
In addition, admin
Users can initiate requests from Slack or the Sym API, and can interact with the approval dialog in Slack.
This role is usually held by the implementer, who will need to push Sym configuration changes via terraform apply
.
member
Role
member
RoleThe member
role lets users make access requests, and allows them to interact with the approval dialog in Slack. Members cannot run terraform apply
, or change configurations via symflow
CLI.
This role is usually held by team members who need to make access requests and/or approve access requests made by other team members.
guest
Role
guest
RoleThe guest
role conditionally lets users interact with the approval dialog in Slack. By default, guests are not allowed to interact with the approval dialog.
This behavior can be controlled by the allow_guest_interaction
boolean parameter that can optionally be set on the Flow resource in Terraform. When the boolean is set to true
, guests are able to interact with the Approve
, Deny
, and Revoke
buttons in the approval dialog. When not provided, or set to false
, guests' clicks will be ignored, and they will receive a DM explaining why.
Permissions table
Action | Admin | Member | Guest |
---|---|---|---|
terraform apply configuration changes | X | ||
Make access requests | X | X | |
Approve/Deny/Revoke access in approval dialog | X | X | X (conditionally) |
Assign/revoke roles from other users | X |
Updated 12 months ago