Skip to main content

Users, Groups, Roles and Permissions

Now that you understand how Torque works, it's time to understand how groups, roles and permissions work, and invite other members of your team to your Torque account and spaces.

In this article:

Groups in Torque

Groups are an efficient way to manage multiple users together. A Torque group consists of:

  • The group permissions
  • The group users

A user can be a member of multiple groups. Torque will calculate the super-set of all the permissions that the user has in the platform (those that were given them explicitly and those which they inherited from the set of groups they belong to).

A group can be assigned multiple roles in multiple spaces and a single account level role.

Group management is performed from the "Account Settings" menu.

If your Torque account is configured to use SSO for authentication, the assignment of SSO users to groups in Torque can be synchronized automatically from the IdP assignments (currently supported in Okta and Azure active directory).

For detailed instructions on how to map Torque user groups to your IdP groups, click here.

Roles in Torque

As Account Admin, you can invite users to your Torque account and add them to spaces, while Space Admins can only add existing Torque users to the spaces they administer.

There are two account-level roles: Account Admins and Account Members. Account Admins have full administrative permissions across the entire account and all spaces. Account Members also have a space role assigned to them for each space, which determines their permissions in that space. As such, the same user can have different roles in different spaces.

As such, there are 4 roles in Torque:

  • Account Admin has full permissions in all Torque spaces, and can access the Administration area, which is not accessible to space admins. The account admin is responsible for setting up Torque for the first time, general supervision and ongoing maintenance. This includes account-level responsibilities, like inviting users to the Torque account, creating spaces, and adding cloud account and Kubernetes compute services, general supervision and ongoing maintenance, and must be able to operate as a space administrator.
  • Space Admin has admin access to specific space(s). This user performs space-level administration, like managing the space's users and their roles, linking the blueprint repository, managing the space policies and tags, and viewing cost data.
  • Space Developer tracks the space's usage and cost. As such, this user also manages the tags that are attached to each cloud resource launched as part of the space's environments.
  • Space Member is the end-user of the environment. This user browses the blueprint catalog and launches the environment they need. Typical examples of a space member include a developer who is tasked with creating the blueprint, and a QA specialist who needs to run validation tests before pushing the updates to production.
PermissionDescriptionAccount adminSpace adminSpace developerSpace member
Manage account1. Config audit log target.
2. Delete the account.
3. View account usage and cost.
Locale Dropdown
Manage agentsInstall new Torque agents (requires K8s cluster or Vcenter access), delete agents, edit agents properties.Locale Dropdown
Manage cloud accounts for cost collectionAdd/remove cloud accounts for Torque to collect environment cost from.Locale Dropdown
[Manage spaces](/getting-started/Getting starting with terraform)1. Create/delete/rename spaces.
2. Associate/remove agents to/from spaces.
Locale Dropdown
Manage usersInvite users to Torque, cancel users invitations, add users to space, change users roles.Locale Dropdown
Manage account parametersCreate/update/delete names and values of parameters, which are available across the account.Locale Dropdown
Manage credentialsCreate/update/delete credentials to cloud accounts, which can later be used for infra provisioning, cost or actions.Locale Dropdown
Manage account tagsCreate custom tags definitions to be applied across the account.Locale Dropdown
Manage policiesCreate/update/delete policies to control security and cost across the account.Locale Dropdown
Manage space notificationsCreate/delete/modify target for Torque notifications for space events.Locale DropdownLocale Dropdown
Manage space tagsSet space specific values to Tags defined by the account admin for the "space" scope.Locale DropdownLocale Dropdown
Manage space parametersCreate/update/delete names and values of parameters which are available across the space.Locale DropdownLocale Dropdown
[Customize space color and icon](/getting-started/Getting starting with terraform)Locale DropdownLocale Dropdown
Publish blueprintsAdd/remove blueprints from the catalog.Locale DropdownLocale Dropdown
Manage space repositories1. Add/remove git repositories containing Torque blueprints or IaC assets to a space.
2. Run discovery on the repositories to find and add assets to Torque (as auto-generated blueprints).
Locale DropdownLocale Dropdown
Manage space users and rolesAdd Torque users to a space and set their role in the space.Locale DropdownLocale Dropdown
Manage space blueprints1. Modify the contents of a blueprint that resides in Torque (not in source control) or delete it.
2. Edit blueprint metadata (labels, icons).
Locale DropdownLocale DropdownLocale Dropdown
Manage blueprint tagsSet blueprint-specific values for tags defined by the account admin for the "blueprint" scope.Locale DropdownLocale DropdownLocale Dropdown
Force terminate environmentTerminate a blueprint that failed normal termination while ignoring previous errors.Locale DropdownLocale DropdownLocale Dropdown
View agentsView the list of Torque agents connected to an account.Locale DropdownLocale DropdownLocale Dropdown
View space usersView the list of users in a space.Locale DropdownLocale DropdownLocale Dropdown
View space repositoriesView the list of repositories in a space.Locale DropdownLocale DropdownLocale Dropdown
View space notificationsView the list of notification targets and configuration of a space.Locale DropdownLocale DropdownLocale Dropdown
View account tagsView the list of tags in the account.Locale DropdownLocale DropdownLocale Dropdown
View account parametersView the list of parameters in the account.Locale DropdownLocale DropdownLocale Dropdown
View space cost dashboardView the cost dashboard of a space.Locale DropdownLocale DropdownLocale Dropdown
Update Grains (Iac Assets)Update the IaC code to a different version.Locale DropdownLocale DropdownLocale Dropdown
[View Catalog](/getting-started/Getting starting with terraform)View the list of published blueprints in the blueprint catalog.Locale DropdownLocale DropdownLocale DropdownLocale Dropdown
[Launch environments](/getting-started/Getting starting with terraform)Provision an environment from a blueprint.Locale DropdownLocale DropdownLocale DropdownLocale Dropdown
Extend environmentsExtend the duration of an environment.Locale DropdownLocale DropdownLocale DropdownLocale Dropdown
Terminate environmentsEnd the environment before the scheduled end time.Locale DropdownLocale DropdownLocale DropdownLocale Dropdown
[Manage environment drift](/getting-started/Getting starting with terraform)View the diff between the plan (blueprint) and the reality (resources in the cloud) and revert the cloud status to the plan.Locale DropdownLocale DropdownLocale DropdownLocale Dropdown
Run API callsUse Torque's REST API to perform different operations (based on permissions).Locale DropdownLocale DropdownLocale DropdownLocale Dropdown
View environment cost dataView expected cost of the environment at launch time and the actual cost of an environment on the environment page.Locale DropdownLocale DropdownLocale DropdownLocale Dropdown

Invite Users to Torque

Torque role: Account admin

  1. Open the Administration page.
  2. Select Users.
  3. Click the Invite User button.
  4. Enter a user's email address and press the [ENTER] key. Repeat to add additional users.
  5. Select the space settings to apply to the users. For details about each role's permissions, see the Roles tab in the Administration page.
  6. Click Send Invitation. The users will get a "Welcome to Torque" invitation email, prompting them to login to the space. Once they log in, they will be granted the space role and permissions you specified.

Add Existing Users to Your Space

Torque role: Account admin, space admin

  1. In the suitable Torque space, select Settings from the left menu.
  2. Click the Users tab.
  3. Click the Add Users button.
  4. Select the Torque user you wish to add to this space. Repeat to add additional users.
  5. Click Done. By default, new users are assigned the Space Member role.
  6. Change the roles as needed.

Adding Users Without Invitation

In some situations, the account admin may want to add users to the Torque account without sending invitations to the users. This can be done via an API call only. Check the API documentation in Governance -> Add Users to Account without invitation for details.