Skip to content
ricochet
Search limited to 0.9. Switch to the latest version for up-to-date results.

User Roles

Every user has one of three roles that determine their system-wide capabilities.

  • Admin: can manage users and all server content
  • Developer: can deploy items
  • Consumer: can only view items

| Capability | Admin | Developer | Consumer | | ------------------- | :---: | :-------: | :------: | | View internal items | ✅ | ✅ | ✅ | | View external items | ✅ | ✅ | ✅ | | Deploy content | ✅ | ✅ | ❌ | | Manage own items | ✅ | ✅ | ❌ | | Access all items | ✅ | ❌ | ❌ | | Manage server | ✅ | ❌ | ❌ | | Assign user roles | ✅ | ❌ | ❌ |

Default User Role

Section titled “Default User Role”

When new users authenticate for the first time, they are assigned a default role. The default role is Developer, but you can configure this to meet your organization’s needs.

Add the following to your ricochet-config.toml:

[auth]
default_role = "consumer"

Admin

Section titled “Admin”

Administrators have full access to all actions in the ricochet UI including the following capabilities.

  • Manage all content items on the server
  • Manage all users and their roles
  • Access all deployed items regardless of access permissions

Developer

Section titled “Developer”

Developers can create and manage their own content:

  • Deploy items to ricochet using the CLI or Git
  • Manage settings for items they own
  • Collaborate on items they’ve been invited to
  • View internal and external items they own or are collaborators to

Developers cannot:

  • Access other users’ private items (unless added as a collaborator)
  • Manage server settings
  • Assign user roles

Consumer

Section titled “Consumer”

Consumers have view-only access:

  • View items they have permission to access
  • Cannot deploy or modify any items
  • Cannot access private items unless explicitly granted access as a collaborator

Consumers are ideal for:

  • Stakeholders who need to view dashboards and reports
  • External users accessing public content
  • Teams that consume data products without creating them

Assigning Roles

Section titled “Assigning Roles”

User roles are assigned by administrators through the ricochet admin interface.

Initial Login: When users authenticate for the first time via OIDC, they are automatically assigned the default role configured in your settings.

Changing Roles: Administrators can change user roles from the Users page /users, selecting the user, and changing their Role.