This tutorial helps you define a practical access model for a small team and then scale it with repeatable patterns.
What You’ll Build
- A baseline admin team with constrained manage scopes.
- Client users with project-level access.
- A recurring access review process.
Step 1: Define Access Personas
Start with 3 personas:
- Platform Admin: needs `user:manage`, `project:manage`, `cluster:view`.
- Developer Admin: needs `model:manage`, `project:manage`.
- Client Operator: needs project-level `view`/`manage` as required.
Step 2: Create Admin Accounts
- Add platform admin users with minimal necessary manage scopes.
- Keep only one or two `super_admin` users for break-glass operations.
- Require documented business justification for broad scope grants.
Step 3: Invite Client Users
- Add client users for each team or department.
- Tag users with clear naming and purpose for easier audit reviews.
- Validate each invite reaches `active` state.
Step 4: Assign Project Permissions
- Share projects with collaborators at `view` first.
- Upgrade to `manage` only where edit/deploy actions are required.
- Verify inherited access by checking project resources.
Step 5: Validate with Access Tests
Run a short checklist:
- Can admin users open expected modules?
- Are restricted modules hidden or blocked appropriately?
- Can client users access only assigned projects?
- Are unauthorized actions denied?
Step 6: Operationalize Reviews
- Review all `manage` grants weekly for fast-moving teams.
- Review all user access monthly.
- Remove stale users and unused elevated permissions.
Recommended Baseline Matrix
| Persona | Global Scopes | Project Scope |
|---|---|---|
| Platform Admin | user:manage, project:manage, cluster:view | Optional |
| Developer Admin | model:manage, project:manage, benchmark:view | Optional |
| Client Operator | None or minimal global scope | view or manage per project |
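
One way to automate the Step 6 review against the baseline matrix, as an added example that is not code from the product. The record fields (`name`, `persona`, `super_admin`, `scopes`, `justification`, `last_active`), the sample users and the 30-day staleness threshold are assumptions; the page does not define an export format or a threshold.

```python
from datetime import date

# Baseline global scopes per persona, copied from the matrix on this page.
BASELINE = {
    "Platform Admin": {"user:manage", "project:manage", "cluster:view"},
    "Developer Admin": {"model:manage", "project:manage", "benchmark:view"},
    "Client Operator": set(),  # "None or minimal global scope"
}
MAX_SUPER_ADMINS = 2   # Step 2: one or two break-glass accounts
STALE_AFTER_DAYS = 30  # assumption: the page sets no staleness threshold

def review(users, today, stale_after_days=STALE_AFTER_DAYS):
    """Return (user, finding) pairs for one access review pass."""
    findings = []
    supers = sorted(u["name"] for u in users if u.get("super_admin"))
    if len(supers) > MAX_SUPER_ADMINS:
        findings.append(("*", f"{len(supers)} super_admin users: {', '.join(supers)}"))
    for u in users:
        name, scopes = u["name"], set(u["scopes"])
        baseline = BASELINE.get(u["persona"])
        if baseline is None:
            findings.append((name, f"unknown persona: {u['persona']}"))
            continue
        # Scopes beyond the persona baseline need a documented justification.
        excess = sorted(scopes - baseline)
        if excess and not u.get("justification"):
            findings.append((name, f"unjustified scopes: {', '.join(excess)}"))
        idle_days = (today - u["last_active"]).days
        if idle_days > stale_after_days:
            elevated = sorted(s for s in scopes if s.endswith(":manage"))
            detail = f"; still holds {', '.join(elevated)}" if elevated else ""
            findings.append((name, f"stale for {idle_days} days{detail}"))
    return findings

# Constructed sample records; field names are hypothetical, not a product export format.
SAMPLE_USERS = [
    {"name": "ana", "persona": "Platform Admin", "super_admin": True,
     "scopes": ["user:manage", "project:manage", "cluster:view"],
     "last_active": date(2025, 6, 1)},
    {"name": "bo", "persona": "Developer Admin",
     "scopes": ["model:manage", "project:manage", "user:manage"],
     "last_active": date(2025, 5, 30)},
    {"name": "cy", "persona": "Client Operator", "scopes": ["project:manage"],
     "justification": "TICKET-PLACEHOLDER", "last_active": date(2025, 3, 1)},
]

if __name__ == "__main__":
    for user, finding in review(SAMPLE_USERS, today=date(2025, 6, 2)):
        print(f"{user}: {finding}")
```

Findings keyed `*` apply to the account set as a whole rather than to one user.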