
Role-based access control (RBAC)

Role-based access control (RBAC) policies define how users interact with Metronome: what they are allowed to see and what changes they are allowed to make. This increases your control over the data and authorizations each user has, minimizing the scope of security vulnerabilities and reducing human error.

Metronome offers three out-of-the-box roles. We also support custom roles, allowing you to tailor permissions to your needs. The standard roles are:

  • Administrator: This is ideal for project leads who need full functional access to oversee Metronome configuration and integration with other systems, along with administrative controls. Administrators have full CRUD (create, read, update and delete) access to all components of the Metronome system.

  • Writer: This is ideal for members of the working team who are responsible for configuring and maintaining Metronome, including integrations with other systems. Writers have CRUD access to everything in Metronome except the creation of API keys or administrative settings (such as setting up data export).

  • Reader: This is ideal for a non-acting member of the working team who is not involved with configuration but needs access to Metronome data or is supporting the rollout of Metronome at your organization. Readers can view all components of the Metronome system but have no create, update or delete access to any part of the system.

Setting up RBAC:

RBAC policies are defined in your identity provider, so using RBAC requires setting up SSO. If no SSO is configured, all users with access to Metronome will have full access permissions.

Note: If you are interested in setting up RBAC policies or creating a custom role, please reach out to your Metronome representative.