Skip to main content
All CollectionsSet Up Torq
Torq Roles and Scopes: Managing Access and Permissions
Torq Roles and Scopes: Managing Access and Permissions

Efficiently manage user access and permissions in your workspace using Torq's Role-Based Access Control (RBAC) system.

Updated over a month ago

Torq's Role-Based Access Control (RBAC) system ensures that users can access only the components and actions their roles permit. Users can access platform components and actions based on their assigned roles. Limit their access when necessary by assigning different roles to the same user in your organization's workspaces.

Flexible Access Control with Torq

Torq simplifies user management by offering preconfigured roles, each tailored to different levels of access and responsibilities within the platform:

  • Viewer: Ideal for those needing to view but not alter data.

  • Operator: Allows for operational interventions without full creation rights.

  • Creator: Grants the ability to generate new workflows and integrations.

  • Contributor: Offers a blend of creation and moderate management capabilities.

  • Owner: Provides full control over the workspace's assets and settings.

Additional roles are available in workspaces that have case management: Cases Viewer and Cases Analyst.

Workspace-Specific Role Assignment

In Torq, RBAC settings are unique to each workspace, accommodating the diverse needs of multi-workspace environments. Users assigned to multiple workspaces can have different roles in each, providing tailored access based on the workspace's specific requirements.

Managing Users and Custom Roles

To oversee user roles effectively:

  • Navigate to Settings > Users to manage user roles and access within your workspace.

  • Torq also offers the capability to create custom roles, catering to unique organizational needs. For assistance or to set up custom roles, contacting Torq support is seamless.

Viewer Role

View-only access to Torq.

Permission

Scope

View existing workflows

playbook.get

List existing workflows

playbook.list

View activity log data

event.read

View integration data

integration.read

View step execution data

step.read

View existing workspace variables

workspace.variables.read

Submit Torq interactions

interaction.submit

View the Templates page

template.page.view

View the Workspace Variables page

workspace.variables.page.view

View the Insights page

insights.page.view

View the Workflows page

workflow.page.view

View the Integrations page

integration.page.view

View the Activity Log page

activity.log.page.view

View the Settings page

settings.page.view

Operator Role

Viewer + trigger workflows.

Permission

Scope

View existing workflows

playbook.get

List existing workflows

playbook.list

Run workflows

playbook.execute

View step execution data

step.read

Run steps

step.execute

View activity log data

event.read

View integration data

integration.read

View existing workspace variables

workspace.variables.read

Create Torq interactions

interaction.write

Submit Torq interactions

interaction.submit

View the Templates page

template.page.view

View the Workspace Variables page

workspace.variables.page.view

View the Insights page

insights.page.view

View the Workflows page

workflow.page.view

View the Integrations page

integration.page.view

View the Activity Log page

activity.log.page.view

View the Settings page

settings.page.view

Creator Role

Operator + create and modify workflows and integrations.

Permission

Scope

View existing workflows

playbook.get

List existing workflows

playbook.list

Run workflows

playbook.execute

Create workflows

playbook.write

View step execution data

step.read

Add steps to workflows

step.write

Run steps

step.execute

View integration data

integration.read

Create integrations

integration.write

View personal API keys

apikey.read

Create personal API keys

apikey.write

View workspace members list

user.read

View activity log data

event.read

Change secret values

secret.write

View existing workspace variables

workspace.variables.read

Create workspace variables

workspace.variables.write

Create Torq interactions

interaction.write

Submit Torq interactions

interaction.submit

View the Templates page

template.page.view

View the Workspace Variables page

workspace.variables.page.view

View the Insights page

insights.page.view

View the Workflows page

workflow.page.view

View the Integrations page

integration.page.view

View the Activity Log page

activity.log.page.view

View the Settings page

settings.page.view

View the Cases page (relevant only in workspaces where case management is enabled)

cases.page.view

Investigate cases (relevant only in workspaces where case management is enabled)

Contributor Role

Creator + publish workflows.

Permission

Scope

View existing workflows

playbook.get

List existing workflows

playbook.list

Run workflows

playbook.execute

Create workflows

playbook.write

View step execution data

step.read

Add steps to workflows

step.write

Run steps

step.execute

Publish workflows

playbook.publish

View integration data

integration.read

Create integrations

integration.write

View personal API keys

apikey.read

Create personal API keys

apikey.write

View list of users on the workspace

user.read

View activity log data

event.read

Change secret values

secret.write

View existing workspace variables

workspace.variables.read

Create workspace variables

workspace.variables.write

Create Torq interactions

interaction.write

Submit Torq interactions

interaction.submit

View the Templates page

template.page.view

View the Workspace Variables page

workspace.variables.page.view

View the Insights page

insights.page.view

View the Workflows page

workflow.page.view

View the Integrations page

integration.page.view

View the Activity Log page

activity.log.page.view

View the Settings page

settings.page.view

View the Cases page (relevant only in workspaces where case management is enabled)

cases.page.view

Investigate cases (relevant only in workspaces where case management is enabled)

Owner Role

Contributor + manage users and SSO.

Permission

Scope

View existing workflows

playbook.get

List existing workflows

playbook.list

Run workflows

playbook.execute

Create workflows

playbook.write

Publish workflows

playbook.publish

View step execution data

step.read

Add steps to workflows

step.write

Run steps

step.execute

View integration data

integration.read

Create integrations

integration.write

View personal API keys

apikey.read

Create personal API keys

apikey.write

View list of users on the workspace

user.read

Modify user data

user.write

Create support tickets

support.write

List audit logs

audit.read

View activity log data

event.read

Change secret values

secret.write

View existing workspace variables

workspace.variables.read

Create workspace variables

workspace.variables.write

Modify the organization settings

organizations.read

View the organization settings

organizations.write

Modify the workspace settings

accounts.read

View the workspace settings

accounts.write

Share resources with other workspaces

resource.share

Create Torq interactions

interaction.write

Submit Torq interactions

interaction.submit

View the Templates page

template.page.view

View the Workspace Variables page

workspace.variables.page.view

View the Insights page

insights.page.view

View the Workflows page

workflow.page.view

View the Integrations page

integration.page.view

View the Activity Log page

activity.log.page.view

View the Settings page

settings.page.view

View the Cases page (relevant only in workspaces where case management is enabled)

cases.page.view

Investigate and Configure Cases (relevant only in workspaces where case management is enabled)

Case Management Roles and Scopes

Workspaces with case management enabled have additional roles, and the default roles also have additional scopes related to case management.

Cases Analyst Role

The Cases Analyst role only gives users access to the Cases page and enables them to perform actions on cases but not modify case management configurations.

Permissions

Scope

View the Cases page

cases.page.view

List and view cases

cm.case.read

Create and update cases

cm.case.write

Delete cases

cm.case.delete

List and view observables

cm.observable.read

Create and update observables

cm.observable.write

List and view runbooks

cm.runbook.read

View activity log data

event.read

View integration data

integration.read

View step execution data

step.read

List existing workflows

playbook.list

View existing workflows

playbook.get

Run workflows

playbook.execute

View list of workspace users

user.read

Submit Torq interactions

interaction.submit

View cases assigned to others

strict.cases.read.attr.assigned.to.others

View unassigned cases

strict.cases.read.attr.unassigned

Deprecated

incident.write

Deprecated

incident.read

Workspace Viewer Role

The Workspace Viewer role grants users view-only access to Torq, including automation and case management resources.

Permissions

Scope

View the Activity Log page

activity.log.page.view

View the Cases page

cases.page.view

List and view cases

cm.case.read

List and view observables

cm.observable.read

List and view runbooks

cm.runbook.read

View activity log data

event.read

View the Insights page

insights.page.view

View the Integrations page

integration.page.view

List and view integrations

integration.read

Submit Torq interactions

interaction.submit

View existing workflows

playbook.get

List existing workflows

playbook.list

View the Settings page

settings.page.view

View step execution data

step.read

View the Templates page

template.page.view

View list of workspace users

user.read

View the Workflows page

workflow.page.view

View the Workspace Variables page

workspace.variables.page.view

View existing workspace variables

workspace.variables.read

View cases assigned to others

strict.cases.read.attr.assigned.to.others

View unassigned cases

strict.cases.read.attr.unassigned

Cases Viewer Role

The Cases Viewer role only gives users access to the Cases page, allowing them to view cases and observables.

Permissions

Scope

View the Cases page

cases.page.view

List and view cases

cm.case.read

List and view observables

cm.observable.read

List and view runbooks

cm.runbook.read

View activity log data

event.read

View integration data

integration.read

View step execution data

step.read

List existing workflows

playbook.list

View existing workflows

playbook.get

View list of workspace users

user.read

Submit Torq interactions

interaction.submit

View cases assigned to others

strict.cases.read.attr.assigned.to.others

View unassigned cases

strict.cases.read.attr.unassigned

Deprecated

incident.read

Owner Role

These are the case-management-specific scopes of the Owner role.

Permissions

Scope

View the Cases page

cases.page.view

List and view cases

cm.case.read

Create and update cases

cm.case.write

Delete cases

cm.case.delete

Modify the structure/lifecycle of cases: add and remove custom fields, associate and disassociate runbooks, and create and delete quick actions.

cm.case.modify

Make changes to case management configurations

cm.configuration.write

List and view observables

cm.observable.read

Create and update observables

cm.observable.write

List and view runbooks

cm.runbook.read

Create and update runbooks

cm.runbook.write

View cases assigned to others

strict.cases.read.attr.assigned.to.others

View unassigned cases

strict.cases.read.attr.unassigned

Contributor Role

These are the case-management-specific scopes of the Contributor role.

Permissions

Scope

View the Cases page

cases.page.view

List and view cases

cm.case.read

Create and update cases

cm.case.write

Delete cases

cm.case.delete

List and view observables

cm.observable.read

Create and update observables

cm.observable.write

List and view runbooks

cm.runbook.read

View cases assigned to others

strict.cases.read.attr.assigned.to.others

View unassigned cases

strict.cases.read.attr.unassigned

Creator Role

These are the case-management-specific scopes of the Creator role.

Permissions

Scope

View the Cases page

cases.page.view

List and view cases

cm.case.read

Create and update cases

cm.case.write

Delete cases

cm.case.delete

List and view observables

cm.observable.read

Create and update observables

cm.observable.write

List and view runbooks

cm.runbook.read

View cases assigned to others

strict.cases.read.attr.assigned.to.others

View unassigned cases

strict.cases.read.attr.unassigned

Operator Role

The Operator role doesn't have access to case management.

Viewer Role

The Viewer role doesn't have access to case management.

Did this answer your question?