Skip to content
Bifrost Docs
Docs
Permissions & Roles

Permissions & Roles

Understanding user roles, permissions, and access control in Bifrost

Permissions & Roles

Section titled “Permissions & Roles”

Bifrost uses a simple role-based system to control who can access workflows and forms.

User Types

Section titled “User Types”

Platform Admins

Section titled “Platform Admins”

Platform administrators have full access to:

  • Manage all users and roles
  • Configure platform settings
  • Access all workflows and forms
  • View audit logs

Assign to: System administrators and platform maintainers only

Regular Users

Section titled “Regular Users”

All other users are regular users who can be assigned roles that determine what they can access. Users can always access their own execution results.

Custom Roles

Section titled “Custom Roles”

You can create custom roles to control access to specific workflows and forms. Roles are flexible and can be assigned to:

  • Users - Control which forms a user can access
  • Forms - Restrict which users can submit a form (based on their assigned roles)

Creating Roles

Section titled “Creating Roles”

Roles are simple labels like:

  • HR
  • Finance
  • POC

Assign these roles to users in the user management interface.

Using Roles with Forms

Section titled “Using Roles with Forms”

When creating a form, you can restrict access by role:

  1. Create roles for your team (e.g., hr_team, finance_approver)
  2. Assign roles to users in the user management interface
  3. Set form permissions to require specific roles
  4. Users without the role won’t see or be able to submit the form

Example:

  • Create a role: Expense Approver
  • Assign it to your managers
  • Set your “Approve Expense” form to require Expense Approver role
  • Only managers can now approve expenses

Best Practices

Section titled “Best Practices”

Start with No Roles

Section titled “Start with No Roles”

When first creating workflows and forms, start without role requirements. Add role restrictions only when you need to:

  • Protect sensitive operations (like deleting data or approving expenses)
  • Limit access to specific teams
  • Separate duties (different roles for creation vs approval)

Use Descriptive Role Names

Section titled “Use Descriptive Role Names”

Choose role names that clearly describe the team or permission:

# Good role names


"Finance"
"Expensive Approvers"
"HR"


# Unclear role names


"Role 1"
"Group A"
"Special Users"

Keep It Simple

Section titled “Keep It Simple”

Don’t over-complicate your role structure:

  • Start with a few roles (3-5 for most organizations)
  • Add more only when needed
  • Avoid creating a role for every single workflow

Note: Platform admins can always execute workflows regardless of role requirements.

Built & designed by shadcn. Ported to Astro Starlight by Adrián UB. The source code is available on GitHub.
Home API Client

About

What is Bifrost? Why Open Source? License (AGPL)

Getting Started

Installation Guide For Non-Developers Build Your First Workflow Create Dynamic Forms OAuth Integration

Core Concepts

Platform Overview Workflows Forms Discovery System Permissions Scopes

How-To Guides

Reference

Troubleshooting

Azure Functions OAuth Workflow Engine Forms