Individuals can be assigned one of four roles, which permit or limit the ability to perform specific actions within Cortex. These actions range from creating API keys and adding integrations to editing scorecards and creating services.

• Admins: Admins are the owners of the workspace. They have global access to everything within Cortex: settings, scorecards, and services.
• Managers: Managers have most of the same abilities as admins, but cannot modify permissions or other settings. Managers can create and edit scorecards, services, and teams.
• Users: Users cannot modify settings, nor can they edit or create scorecards. Users can edit and create services and teams.
• Viewers: Viewers cannot create or edit anything within the workspace. This is a read-only role.

Permissions have no impact on an individual’s visibility within Cortex — everyone with access to your workspace, including viewers, has full visibility into Scorecards, Initiatives, reports, service and resource details, and other critical information.

Permissions can be found under settings.

Note: Only admins have access to this page.

From the Permissions page, you can view a list of all individuals who exist within your workspace, as well as the roles assigned to each individual. You can search this list or filter it by role.

Adding a new user to Cortex

To add a new user to the platform, first direct the user to attempt to log in and authenticate. If the user has the appropriate @domain.xyz, they will be added automatically.  If the user sees an access denied error, this indicates that the user is not authorized to log in and access the app via your SSO tool.

For cloud customers looking to add a secondary @domain.xyz, please reach out to help@cortex.io to have this facilitated for you. This restriction does not apply to self-hosted customers.  

Modifying permissions and removing users

From this page, you can also directly edit an individual’s role. Click the dropdown next to their name to update their role. Once you've selected the appropriate role, Cortex will automatically update the individual’s permissions.

You also have the ability to remove an individual from your workspace. Select the trash can icon to remove a user. You’ll be asked to confirm this action so you don’t accidentally remove users.

If you’re using a domain restriction, and users retain access to their Okta or Google accounts, these deleted individuals will be reinstated in Cortex when they log back in through the SSO. If an individual leaves your organization, however, this will ensure that they can no longer access information within Cortex.

Default Role for New Users

Default roles can be set in `/admin/settings/permissions`, which is the assigned role for all new users who are provisioned for your workspace.  

Group permissions

Group permissions allow you to assign the same role to a set of users all at once. To set group permissions, select Add new group. 

When you select a Group, a dropdown menu will populate with all options from your group source (e.g. Okta, GitHub teams). Choose the Role that will apply to all members of the team.

Once you’ve selected the appropriate group and assigned a role, click Save. You’ll then see that group appear within the list of group permissions. From here, you can easily modify the role assigned to each group by clicking the dropdown, just like with user permissions.

Cortex will automatically update individuals’ roles when they join or change teams, making this a particularly efficient way to set permissions.

Permissions in practice

Individuals will retain the maximum role they’ve been given. For example, if an individual is assigned a manager role, but they’re part of a group with admin permissions, they will have admin permissions throughout Cortex.

Because permissions impact the ability to perform an action, but not visibility, if an individual doesn’t have the permission to perform a certain action, the option simply will not appear. Typically, admins and managers can perform functions that rely on third party integrations, while users and viewers are limited to data within Cortex.

Permissioning allows you to make sure that only authorized individuals can make high-level changes to the workspace, while ensuring that no role limits anyone’s access to the valuable information within Cortex.