Torq's role-based access control (RBAC) system ensures that users can access only the components and actions their roles permit. Users can access platform components and actions based on their assigned roles. Limit their access when necessary by assigning different roles to the same user in your organization's workspaces.
Flexible access control with Torq
Torq simplifies user management by offering preconfigured roles, each tailored to different levels of access and responsibilities within the platform:
Viewer: Ideal for those needing to view but not alter data.
Operator: Allows for operational interventions without full creation rights.
Creator: Grants the ability to generate new workflows and integrations.
Contributor: Offers a blend of creation and moderate management capabilities.
Owner: Provides full control over the workspace's assets and settings.
Additional roles are available in workspaces that have case management:
Cases Viewer: View-only access to case management.
Workspace Viewer: View-only access to the workspace, including automation and case management.
Cases Analyst: Enables work on cases without access to configuration settings.
Cases Contributor: Case Analyst with permissions to create and edit dashboards in Torq Reporting.
Workspace-specific role assignment
In Torq, RBAC settings are unique to each workspace, accommodating the diverse needs of multi-workspace environments. Users assigned to multiple workspaces can have different roles in each, providing tailored access based on the workspace's specific requirements.
Manage users and custom roles
To oversee user roles effectively:
Navigate to Settings > Users to manage user access and role assignment within your workspaces.
Create and adjust custom roles for your workspace. Navigate to Settings > Security > Roles, or use available steps.
Create custom roles
Torq allows you to create custom roles tailored to your organization’s unique needs. You can create custom roles within your workspace in three ways: using the custom roles API, going to Settings > Security > Roles, or using available steps.
To get started with settings:
Go to Settings > Security > Roles. Here you can view all the roles within your workspace, including the default roles.
The Users icon shows which roles are assigned to which user.
Default roles cannot be edited or deleted, but they can be duplicated to be used as templates for new custom roles. To duplicate, click the More options menu and then Duplicate.
Custom roles can be edited, duplicated, and deleted. They can only be deleted when they aren’t assigned to any user.
User roles can be reassigned from the Settings > Users page.
To create a custom role, click + Add.
Enter a unique and identifiable name.
Provide a clear description.
Select the activities you want the users with this role to be able to complete.
Add UI access for each Torq page you want the role to access. For example, to allow users to add steps to workflows, go to UI Access and enable View the Workflows page.
Click Save.
To get started with steps:
Go to Build > Workflows > Create Workflow, or edit an existing workflow.
In the Toolbox, search
role torqto find Torq steps that create, list, get, update, and delete roles in your workspace.The integration instance used in the selected step must have a Torq service API key with the Owner role.
When using the Create Role or Update Role step, list all the desired scopes in the Scope names parameter.
For additional assistance with custom role creation, contact Torq support.
Scopes
Viewer role
View-only access to Torq.
Visible UI pages
Workflows
Integrations
Workspace Variables
Templates
Activity Log
Insights
Reporting
Settings
Permissions
Permission | Scope |
View existing workflows | playbook.get |
List existing workflows | playbook.list |
View activity log data | event.read |
View integration data | integration.read |
View custom secrets without access to their values | secret.read |
View step execution data | step.read |
View existing workspace variables | workspace.variables.read |
Submit Torq interactions | interaction.submit |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View dashboards (Torq Reporting) | dashboard.read |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
Operator role
Viewer + trigger workflows.
Visible UI pages
Workflows
Integrations
Workspace Variables
Templates
Activity Log
Insights
Settings
Permissions
Permission | Scope |
View existing workflows | playbook.get |
List existing workflows | playbook.list |
Run workflows | playbook.execute |
View step execution data | step.read |
Run steps | step.execute |
View activity log data | event.read |
View integration data | integration.read |
View custom secrets without access to their values | secret.read |
Execute the Torq step Send Email | email.send |
View existing workspace variables | workspace.variables.read |
Create Torq interactions | interaction.write |
Submit Torq interactions | interaction.submit |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
Creator role
Operator + create and modify workflows and integrations.
Visible UI pages
Workflows
Integrations
Workspace Variables
Templates
Cases
Runbooks
Observables
Activity Log
Insights
Reporting
Settings
Permissions
Permission | Scope |
View existing workflows | playbook.get |
List existing workflows | playbook.list |
Run workflows | playbook.execute |
Create workflows | playbook.write |
View step execution data | step.read |
Add steps to workflows | step.write |
Run steps | step.execute |
View integration data | integration.read |
Create integrations | integration.write |
View private and service API keys | apikey.read |
Create private API keys | apikey.write |
View workspace members list | user.read |
View activity log data | event.read |
View custom secrets without access to their values | secret.read |
Create and update custom secrets | secret.write |
View existing workspace variables | workspace.variables.read |
Create workspace variables | workspace.variables.write |
Create Torq interactions | interaction.write |
Submit Torq interactions | interaction.submit |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
View dashboards (Torq Reporting) | dashboard.read |
Create and edit dashboards (Torq Reporting) | dashboard.write |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
View the Cases page (relevant only in workspaces where case management is enabled) | cases.page.view |
Investigate cases (relevant only in workspaces where case management is enabled) |
Contributor role
Creator + publish workflows.
Visible UI pages
Workflows
Integrations
Workspace Variables
Templates
Cases
Runbooks
Observables
Activity Log
Insights
Reporting
Settings
Permissions
Permission | Scope |
View existing workflows | playbook.get |
List existing workflows | playbook.list |
Run workflows | playbook.execute |
Create workflows | playbook.write |
View step execution data | step.read |
Add steps to workflows | step.write |
Run steps | step.execute |
Publish workflows | playbook.publish |
View integration data | integration.read |
Create integrations | integration.write |
View private and service API keys | apikey.read |
Create private API keys | apikey.write |
View list of users on the workspace | user.read |
View activity log data | event.read |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
Execute the Torq step Send Email | email.send |
View dashboards (Torq Reporting) | dashboard.read |
Create and edit dashboards (Torq Reporting) | dashboard.write |
Create and update cases | case.write |
View custom secrets without access to their values | secret.read |
Create and update custom secrets | secret.write |
View existing workspace variables | workspace.variables.read |
Create workspace variables | workspace.variables.write |
Create Torq interactions | interaction.write |
Submit Torq interactions | interaction.submit |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
View the Cases page (relevant only in workspaces where case management is enabled) | cases.page.view |
Investigate cases (relevant only in workspaces where case management is enabled) |
Owner role
Contributor + manage users and SSO.
Visible UI pages
Workflows
Integrations
Workspace Variables
Templates
Cases
Runbooks
Observables
Activity Log
Insights
Reporting
Settings
Permissions
Permission | Scope |
View existing workflows | playbook.get |
List existing workflows | playbook.list |
Run workflows | playbook.execute |
Create workflows | playbook.write |
Publish workflows | playbook.publish |
View step execution data | step.read |
Add steps to workflows | step.write |
Run steps | step.execute |
View integration data | integration.read |
Create integrations | integration.write |
View private and service API keys | apikey.read |
Create private API keys | apikey.write |
View list of users on the workspace | user.read |
Manage workspace users and configure SSO | user.write |
Create support tickets | support.write |
Execute the Torq step Send Email | email.send |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
View dashboards (Torq Reporting) | dashboards.read |
Create and edit dashboards (Torq Reporting) | dashboards.write |
View IP access rules | ip.access.rule.read |
Modify IP access rules | ip.access.rule.write |
List audit logs | audit.read |
View activity log data | event.read |
View custom secrets without access to their values | secret.read |
Create and update custom secrets | secret.write |
View existing workspace variables | workspace.variables.read |
Create workspace variables | workspace.variables.write |
View the organization settings | organizations.read |
View the workspace settings | accounts.read |
Modify the workspace settings | accounts.write |
Share resources with other workspaces | resource.share |
Create Torq interactions | interaction.write |
Submit Torq interactions | interaction.submit |
View the Templates page | template.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View the Insights page | insights.page.view |
View the Workflows page | workflow.page.view |
View the Integrations page | integration.page.view |
View the Activity Log page | activity.log.page.view |
View the Settings page | settings.page.view |
View the Cases page (relevant only in workspaces where case management is enabled) | cases.page.view |
Investigate and Configure Cases (relevant only in workspaces where case management is enabled) |
Case-management roles and scopes
Workspaces with case management enabled have additional roles, and the default roles also have additional scopes related to case management.
Cases Viewer role
The Cases Viewer role only gives users access to the Cases page, allowing them to view cases, runbooks, and observables.
Visible UI pages
Cases
Runbooks
Observables
Reporting
Permissions
Permissions | Scope |
View the Cases page | cases.page.view |
List and view cases | cm.case.read |
List and view observables | cm.observable.read |
List and view runbook | cm.runbook.read |
View activity log data | event.read |
View integration data | integration.read |
View step execution data | step.read |
List existing workflows | playbook.list |
View existing workflows | playbook.get |
View list of workspace users | user.read |
Submit Torq interactions | interaction.submit |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
View dashboards (Torq Reporting) | dashboard.read |
Deprecated | incident.read |
Workspace Viewer role
The Workspace Viewer role grants users view-only access to Torq, including automation and case management resources.
Visible UI pages
Workflows
Integrations
Workspace Variables
Templates
Cases
Runbooks
Observables
Activity Log
Insights
Reporting
Settings
Permissions
Permissions | Scope |
View the Activity Log page | activity.log.page.view |
View the Cases page | cases.page.view |
List and view cases | cm.case.read |
List and view observables | cm.observable.read |
List and view runbooks | cm.runbook.read |
View activity log data | event.read |
View the Insights page | insights.page.view |
View the Integrations page | integration.page.view |
List and view integrations | integration.read |
View custom secrets without access to their values | secret.read |
Submit Torq interactions | interaction.submit |
View existing workflows | playbook.get |
List existing workflows | playbook.list |
View the Settings page | settings.page.view |
View step execution data | step.read |
View the Templates page | template.page.view |
View list of workspace users | user.read |
View the Workflows page | workflow.page.view |
View the Workspace Variables page | workspace.variables.page.view |
View existing workspace variables | workspace.variables.read |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
View dashboards (Torq Reporting) | dashboard.read |
Cases Analyst role
The Cases Analyst role only gives users access to the Cases page and enables them to perform actions on cases but not modify case management configurations.
Visible UI pages
Cases
Runbooks
Observables
Reporting
Permissions
Permissions | Scope |
View the Cases page | cases.page.view |
List and view cases | cm.case.read |
Create and update cases | cm.case.write |
Delete cases | cm.case.delete |
List and view observables | cm.observable.read |
Create and update observables | cm.observable.write |
Delete observables | cm.observable.delete |
List and view runbooks | cm.runbook.read |
View activity log data | event.read |
View integration data | integration.read |
View step execution data | step.read |
List existing workflows | playbook.list |
View existing workflows | playbook.get |
Run workflows | playbook.execute |
View list of workspace users | user.read |
Submit Torq interactions | interaction.submit |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
View dashboards (Torq Reporting) | dashboard.read |
Deprecated | incident.write |
Deprecated | incident.read |
Cases Contributor role
Cases Analyst with permissions to create and edit dashboards in Torq Reporting.
Visible UI pages
Cases
Runbooks
Observables
Reporting
Permissions
Permissions | Scope |
List and view cases | cm.case.read |
Create and update cases | cm.case.write |
Delete cases | cm.case.delete |
List and view observables | cm.observable.read |
Create and update observables | cm.observable.write |
Delete observables | cm.observable.delete |
List and view runbooks | cm.runbook.read |
View activity log data | event.read |
View integration data | integration.read |
List existing workflows | playbook.list |
View existing workflows | playbook.get |
Run workflows | playbook.execute |
View list of workspace users | user.read |
View dashboards (Torq Reporting) | dashboard.read |
Create and edit dashboards (Torq Reporting) | dashboard.write |
View unassigned cases | strict.cases.read.attr.unassigned |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View the Cases page | cases.page.view |
Execute Torq interactions | interaction.execute |
Submit Torq interactions | interaction.submit |
Create Torq interactions | interaction.write |
View step execution data | step.read |
Owner role
These are the case management–specific scopes of the Owner role.
Visible UI pages
Workflows
Integrations
Workspace Variables
Templates
Cases
Runbooks
Observables
Activity Log
Insights
Reporting
Settings
Permissions
Permissions | Scope |
View the Cases page | cases.page.view |
List and view cases | cm.case.read |
Create and update cases | cm.case.write |
Delete cases | cm.case.delete |
Modify the structure/lifecycle of cases: add and remove custom fields, associate and disassociate runbooks, and create and delete quick actions. | cm.case.modify |
Make changes to case management configurations and presets. | cm.configuration.write |
List and view observables | cm.observable.read |
Create and update observables | cm.observable.write |
Delete observables | cm.observable.delete |
List and view runbooks | cm.runbook.read |
Create and update runbooks | cm.runbook.write |
Bypass case access restrictions | bypass.case.access.restriction |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
View dashboards (Torq Reporting) | dashboard.read |
Create and edit dashboards (Torq Reporting) | dashboard.write |
Contributor role
These are the case management–specific scopes of the Contributor role.
Visible UI pages
Workflows
Integrations
Workspace Variables
Templates
Cases
Runbooks
Observables
Activity Log
Insights
Reporting
Settings
Permissions
Permissions | Scope |
View the Cases page | cases.page.view |
List and view cases | cm.case.read |
Create and update cases | cm.case.write |
Delete cases | cm.case.delete |
List and view observables | cm.observable.read |
Create and update observables | cm.observable.write |
Delete observables | cm.observable.delete |
List and view runbooks | cm.runbook.read |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
View dashboards (Torq Reporting) | dashboard.read |
Create and edit dashboards (Torq Reporting) | dashboard.write |
Creator role
These are the case management–specific scopes of the Creator role.
Visible UI pages
Workflows
Integrations
Workspace Variables
Templates
Cases
Runbooks
Observables
Activity Log
Insights
Reporting
Settings
Permissions
Permissions | Scope |
View the Cases page | cases.page.view |
List and view cases | cm.case.read |
Create and update cases | cm.case.write |
Delete cases | cm.case.delete |
List and view observables | cm.observable.read |
Create and update observables | cm.observable.write |
Delete observables | cm.observable.delete |
List and view runbooks | cm.runbook.read |
View cases assigned to others | strict.cases.read.attr.assigned.to.others |
View unassigned cases | strict.cases.read.attr.unassigned |
View dashboards (Torq Reporting) | dashboard.read |
Create and edit dashboards (Torq Reporting) | dashboard.write |
Operator role
The Operator role doesn't have access to case management.
Viewer role
The Viewer role doesn't have access to case management.
Deprecated scopes
The following scopes have been deprecated:
incident.read
incident.write
alert.read
alert.write
file.read
files.read
files.write
onboarding.write