Torq's Role-Based Access Control (RBAC) system is a foundational element designed to enhance security and streamline management within organizations.
Core concepts and structure
Torq’s RBAC system organizes permissions around organizations, workspaces, roles, and scopes. Together, these components control who can access resources and what actions they can perform.
Torq organization
The organization is the top-level structure provided to subscribers. It represents the overall environment where hyperautomation resources and workspaces are managed.
Torq workspace
A workspace is an isolated environment within an organization where automation resources are created and managed. Workspaces operate independently and help segment automation by team, environment, geography, or customer. Resources can be selectively shared between workspaces while maintaining RBAC enforcement.
Common workspace use cases include:
Segregating activities for different teams within an organization
Separating development, staging, and production environments
Organizing automation by geographic region in distributed organizations
Isolating resources for different customers in Managed Security Service Provider (MSSP) or Managed Service Provider (MSP) environments
RBAC scopes
Scopes define specific permissions within a workspace, controlling which actions users or API clients can perform. Scopes evolve as new features are added, ensuring permissions remain aligned with platform capabilities.
User roles
Roles group multiple scopes together and define what actions users can perform within a workspace. Torq provides predefined roles as well as the ability to create custom roles for specialized operational requirements.
SSO claim mapping rules
Claim mapping rules determine how roles are assigned when users authenticate through Single Sign-On (SSO). These rules evaluate specific user claims provided by the Identity Provider (IdP), such as group membership, location, or device attributes, to automatically assign roles and permissions.
Workspace resources
Workspace resources include both persistent and transient components used in Torq automation and configuration.
Workspace resources and segregation
Torq’s use of workspaces forms the foundation of its RBAC model. Workspaces provide clear separation between automation environments while allowing administrators to control access and share resources where appropriate.
Resources within workspaces support a wide range of automation capabilities and may include:
Step integrations
Trigger integrations
Workflows
Custom steps
Global variables
Workspace variables
Activity and audit logs
User permissions and claim mappings
Step runners
API keys
Although workspaces are isolated by design, certain resources can be shared between them when required. Resource sharing enables teams to reuse integrations, workflows, and other components without duplicating configuration while still maintaining strict access control through RBAC.
The diagram below illustrates an example of a Torq organization with multiple workspaces, each containing its own set of resources. Some resources can be shared across workspaces while still adhering to RBAC policies.
Customization and support for complex environments
Torq supports advanced RBAC configurations for large or complex organizations. Custom roles can be created to meet specific operational requirements, allowing organizations to tailor permissions to their workflows and security policies. Contact Torq Support if you need to extend or customize the default roles.
User access is defined by the mapping of User > Workspace > Role. This mapping can be configured in two ways:
Individually: Assign roles directly to specific users (not recommended for large enterprise environments).
SSO-based: Assign roles dynamically using SSO claim mappings from the organization’s Identity Provider.
For large organizations, Torq can also support multiple IdPs across different workspaces upon request, enabling more flexible identity and access management.
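The User > Workspace > Role mapping and SSO claim rules described above, modelled as an added sketch that is not Torq's code or rule format: the rule shape, role names, scope names and claims are all constructed for illustration. It shows exact-match claim evaluation, per-workspace grants, and default deny when no rule matches.

```python
from dataclasses import dataclass

# Constructed role -> scope table; these are not Torq's real role or scope names.
ROLE_SCOPES = {
    "viewer": {"workflow.read"},
    "operator": {"workflow.read", "workflow.run"},
    "owner": {"workflow.read", "workflow.run", "workflow.write"},
}

@dataclass(frozen=True)
class ClaimRule:  # hypothetical rule shape: claim == value -> role in workspace
    claim: str
    value: str
    workspace: str
    role: str

# Constructed sample rules.
RULES = [
    ClaimRule("groups", "soc-analysts", "prod", "operator"),
    ClaimRule("groups", "soc-analysts", "dev", "owner"),
    ClaimRule("groups", "auditors", "prod", "viewer"),
]

def claim_values(claims, name):
    """Normalise a claim to a set; IdPs may send one string or a list."""
    raw = claims.get(name)
    if raw is None:
        return set()
    return {raw} if isinstance(raw, str) else set(raw)

def resolve_roles(claims, rules=RULES):
    """Return {workspace: {roles}} for rules whose claim matches exactly."""
    grants = {}
    for rule in rules:
        if rule.role not in ROLE_SCOPES:
            raise ValueError(f"rule references unknown role: {rule.role}")
        # Set membership, so "soc-analysts-contractors" never matches "soc-analysts".
        if rule.value in claim_values(claims, rule.claim):
            grants.setdefault(rule.workspace, set()).add(rule.role)
    return grants

def is_allowed(claims, workspace, scope, rules=RULES):
    """Default deny: allowed only if a role granted in this workspace has the scope."""
    roles = resolve_roles(claims, rules).get(workspace, set())
    return any(scope in ROLE_SCOPES[role] for role in roles)
```

Normalising the claim before comparison matters because a bare string claim compared with `in` would match on substrings and could grant a role to a similarly named group.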

