And do we have a list of what each of those roles mean ? For example what is "audit trail" ? Should my normal "users" have read access to it ? 🤷

Hi Matt! We don’t have a list of what each of these roles mean. Generally, “Create”, “Read”, “Update”, and “Delete” permissions refer to the ability to perform that operation on an object. So

read:flow

would give a user the right to view flows. “audit trail” refers to the ability to see audit logs. I would recommend only allowing this for admin users.

read:message

gives permission to read notifications sent by Prefect within a tenant, usually to a specific user. I would recommend giving that to all users.

update:log

, as you might guess by now, gives users the ability to update log records. This is actually not used at the moment within the Cloud 1.0 platform. But if we were to add an operation that updated logs in the future, it might become relevant. You might find the docs here helpful https://docs-v1.prefect.io/orchestration/rbac/overview.html Is there a specific persona you’re trying to create a role for?

Thanks Zach. I was already looking at the same Prefect doc page 👍 Thanks for the explanation of those roles 🙏

Yeah, I’ll respond in that thread for consistency