Teams & Permissions
Role-based access control in Flipswitch
Flipswitch uses role-based access control (RBAC) to manage who can do what. Permissions are scoped to organizations, projects, and environments.
How It Works
Organization
├── Members (users who belong to the org)
├── Groups (collections of users with permissions)
└── Projects
└── EnvironmentsUsers get permissions through group membership. Groups can have permissions at any level.
Permission Levels
| Level | Controls |
|---|---|
| Organization | Create projects, manage members, manage groups |
| Project | Create flags, create environments, manage segments |
| Environment | Toggle flags, edit rules, create API keys |
Roles
Each level has two roles:
| Role | Can Do |
|---|---|
| Admin | Full control - create, edit, delete |
| Member | Read access + toggle flags in environments they can access |
Example permission strings:
org:admin # Full org control
project:123:admin # Admin on project 123
env:456:member # Member on environment 456Common Patterns
All developers can read, leads can write:
Group: "Developers"
- org:member (can view all projects)
Group: "Tech Leads"
- org:member
- project:web-app:admin
- project:mobile-app:adminEnvironment-specific access:
Group: "Production Ops"
- env:production:admin (can toggle prod flags)
Group: "Developers"
- env:development:admin (can toggle dev flags)
- env:staging:admin (can toggle staging flags)
- env:production:member (can view prod, not modify)