Role-Based Access Control
Falcon Role-Based Access Control (RBAC) governs who can develop, manage, and use Foundry apps.
Foundry roles
Section titled “Foundry roles”| Role | Capabilities |
|---|---|
| Falcon Administrator | Full access to all Foundry features. Can create, deploy, release, install, and delete apps. Can manage all app capabilities and assign roles. |
| Foundry App Developer | Can create, develop, deploy, and release apps. Cannot install apps for other users or manage RBAC assignments. |
Permissions by action
Section titled “Permissions by action”| Action | Falcon Administrator | Foundry App Developer |
|---|---|---|
| Create apps | Yes | Yes |
| Develop (edit capabilities) | Yes | Yes |
| Deploy apps | Yes | Yes |
| Release apps | Yes | Yes |
| Install / uninstall apps | Yes | No |
| Delete apps | Yes | Yes (own apps) |
| Manage RBAC | Yes | No |
| View App Catalog | Yes | Yes |
| Clone apps | Yes | Yes |
| Import / export apps | Yes | Yes |
Assigning roles
Section titled “Assigning roles”Roles are assigned in the Falcon console under User management > Roles. Users can hold multiple roles.
App-level access control
Section titled “App-level access control”Individual app capabilities can have additional access restrictions:
- Collections — Configure read and write permissions per collection for different roles.
- Workflow templates — Set share settings to control who can view and execute workflows.
- UI extensions and pages — Visible to all users who have the app installed, subject to their Falcon RBAC permissions.