Torq's Role-Based Access Control (RBAC) system ensures that users can access only the components and actions their roles permit. Users can access platform components and actions based on their assigned roles. Limit their access when necessary by assigning different roles to the same user in your organization's workspaces.
Flexible Access Control with Torq
Torq simplifies user management by offering preconfigured roles, each tailored to different levels of access and responsibilities within the platform:
Viewer: Ideal for those needing to view but not alter data.
Operator: Allows for operational interventions without full creation rights.
Creator: Grants the ability to generate new workflows and integrations.
Contributor: Offers a blend of creation and moderate management capabilities.
Owner: Provides full control over the workspace's assets and settings.
Additional roles are available in workspaces that have case management: Cases Viewer and Cases Analyst.
Workspace-Specific Role Assignment
In Torq, RBAC settings are unique to each workspace, accommodating the diverse needs of multi-workspace environments. Users assigned to multiple workspaces can have different roles in each, providing tailored access based on the workspace's specific requirements.
Managing Users and Custom Roles
To oversee user roles effectively:
Navigate to Settings > Users to manage user roles and access within your workspace.
Torq also offers the capability to create custom roles, catering to unique organizational needs. For assistance or to set up custom roles, contacting Torq support is seamless.
Viewer Role
View-only access to Torq.
Permission | Scope |
View existing workflows | playbook.get |
List existing workflows | playbook.list |
View activity log data | event.read |
View integration data | integration.read |
View step execution data | step.read |
View existing workspace variables | workspace.variables.read |
Submit Torq interactions | interaction.submit |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
Operator Role
Viewer + trigger workflows.
Permission | Scope |
View existing workflows | playbook.get |
List existing workflows | playbook.list |
Run workflows | playbook.execute |
View step execution data | step.read |
Run steps | step.execute |
View activity log data | event.read |
View integration data | integration.read |
View existing workspace variables | workspace.variables.read |
Create Torq interactions | interaction.write |
Submit Torq interactions | interaction.submit |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
Creator Role
Operator + create and modify workflows and integrations.
Permission | Scope |
View existing workflows | playbook.get |
List existing workflows | playbook.list |
Run workflows | playbook.execute |
Create workflows | playbook.write |
View step execution data | step.read |
Add steps to workflows | step.write |
Run steps | step.execute |
View integration data | integration.read |
Create integrations | integration.write |
View personal API keys | apikey.read |
Create personal API keys | apikey.write |
View workspace members list | user.read |
View activity log data | event.read |
Change secret values | secret.write |
View existing workspace variables | workspace.variables.read |
Create workspace variables | workspace.variables.write |
Create Torq interactions | interaction.write |
Submit Torq interactions | interaction.submit |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
View the Cases page (relevant only in workspaces where case management is enabled) | cases.page.view |
Investigate cases (relevant only in workspaces where case management is enabled) |
Contributor Role
Creator + publish workflows.
Permission | Scope |
View existing workflows | playbook.get |
List existing workflows | playbook.list |
Run workflows | playbook.execute |
Create workflows | playbook.write |
View step execution data | step.read |
Add steps to workflows | step.write |
Run steps | step.execute |
Publish workflows | playbook.publish |
View integration data | integration.read |
Create integrations | integration.write |
View personal API keys | apikey.read |
Create personal API keys | apikey.write |
View list of users on the workspace | user.read |
View activity log data | event.read |
Change secret values | secret.write |
View existing workspace variables | workspace.variables.read |
Create workspace variables | workspace.variables.write |
Create Torq interactions | interaction.write |
Submit Torq interactions | interaction.submit |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
View the Cases page (relevant only in workspaces where case management is enabled) | cases.page.view |
Investigate cases (relevant only in workspaces where case management is enabled) |
Owner Role
Contributor + manage users and SSO.
Permission | Scope |
View existing workflows | playbook.get |
List existing workflows | playbook.list |
Run workflows | playbook.execute |
Create workflows | playbook.write |
Publish workflows | playbook.publish |
View step execution data | step.read |
Add steps to workflows | step.write |
Run steps | step.execute |
View integration data | integration.read |
Create integrations | integration.write |
View personal API keys | apikey.read |
Create personal API keys | apikey.write |
View list of users on the workspace | user.read |
Modify user data | user.write |
Create support tickets | support.write |
List audit logs | audit.read |
View activity log data | event.read |
Change secret values | secret.write |
View existing workspace variables | workspace.variables.read |
Create workspace variables | workspace.variables.write |
Modify the organization settings | organizations.read |
View the organization settings | organizations.write |
Modify the workspace settings | accounts.read |
View the workspace settings | accounts.write |
Share resources with other workspaces | resource.share |
Create Torq interactions | interaction.write |
Submit Torq interactions | interaction.submit |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
View the Cases page (relevant only in workspaces where case management is enabled) | cases.page.view |
Investigate and Configure Cases (relevant only in workspaces where case management is enabled) |
Case Management Roles and Scopes
Workspaces with case management enabled have additional roles, and the default roles also have additional scopes related to case management.
Cases Analyst Role
The Cases Analyst role only gives users access to the Cases page and enables them to perform actions on cases but not modify case management configurations.
Permissions | Scope |
View the Cases page | cases.page.view |
List and view cases | cm.case.read |
Create and update cases | cm.case.write |
Delete cases | cm.case.delete |
List and view observables | cm.observable.read |
Create and update observables | cm.observable.write |
List and view runbooks | cm.runbook.read |
View activity log data | event.read |
View integration data | integration.read |
View step execution data | step.read |
List existing workflows | playbook.list |
View existing workflows | playbook.get |
Run workflows | playbook.execute |
View list of workspace users | user.read |
Submit Torq interactions | interaction.submit |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
Deprecated | incident.write |
Deprecated | incident.read |
Workspace Viewer Role
The Workspace Viewer role grants users view-only access to Torq, including automation and case management resources.
Permissions | Scope |
View the Activity Log page | activity.log.page.view |
View the Cases page | cases.page.view |
List and view cases | cm.case.read |
List and view observables | cm.observable.read |
List and view runbooks | cm.runbook.read |
View activity log data | event.read |
View the Insights page | insights.page.view |
View the Integrations page | integration.page.view |
List and view integrations | integration.read |
Submit Torq interactions | interaction.submit |
View existing workflows | playbook.get |
List existing workflows | playbook.list |
View the Settings page | settings.page.view |
View step execution data | step.read |
View the Templates page | template.page.view |
View list of workspace users | user.read |
View the Workflows page | workflow.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View existing workspace variables | workspace.variables.read |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
Cases Viewer Role
The Cases Viewer role only gives users access to the Cases page, allowing them to view cases and observables.
Permissions | Scope |
View the Cases page | cases.page.view |
List and view cases | cm.case.read |
List and view observables | cm.observable.read |
List and view runbooks | cm.runbook.read |
View activity log data | event.read |
View integration data | integration.read |
View step execution data | step.read |
List existing workflows | playbook.list |
View existing workflows | playbook.get |
View list of workspace users | user.read |
Submit Torq interactions | interaction.submit |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
Deprecated | incident.read |
Owner Role
These are the case-management-specific scopes of the Owner role.
Permissions | Scope |
View the Cases page | cases.page.view |
List and view cases | cm.case.read |
Create and update cases | cm.case.write |
Delete cases | cm.case.delete |
Modify the structure/lifecycle of cases: add and remove custom fields, associate and disassociate runbooks, and create and delete quick actions. | cm.case.modify |
Make changes to case management configurations | cm.configuration.write |
List and view observables | cm.observable.read |
Create and update observables | cm.observable.write |
List and view runbooks | cm.runbook.read |
Create and update runbooks | cm.runbook.write |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
Contributor Role
These are the case-management-specific scopes of the Contributor role.
Permissions | Scope |
View the Cases page | cases.page.view |
List and view cases | cm.case.read |
Create and update cases | cm.case.write |
Delete cases | cm.case.delete |
List and view observables | cm.observable.read |
Create and update observables | cm.observable.write |
List and view runbooks | cm.runbook.read |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
Creator Role
These are the case-management-specific scopes of the Creator role.
Permissions | Scope |
View the Cases page | cases.page.view |
List and view cases | cm.case.read |
Create and update cases | cm.case.write |
Delete cases | cm.case.delete |
List and view observables | cm.observable.read |
Create and update observables | cm.observable.write |
List and view runbooks | cm.runbook.read |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
Operator Role
The Operator role doesn't have access to case management.
Viewer Role
The Viewer role doesn't have access to case management.