Roles & Permissions
Four roles, clear boundaries. Every team member has exactly the access they need — no more, no less.
How roles work
Role-based access control
BoltPipeline uses role-based access control (RBAC) to govern who can design pipelines, who can certify them, and who can promote them to Integration and Production. Roles are assigned per team member and take effect immediately — no page reload or re-login required.
Roles are cumulative — each role includes everything from the roles below it. An Operator can do everything a Developer can do, and a Developer can do everything a Viewer can do.
Role details
Viewer
Read-only access. Suitable for stakeholders, analysts, and auditors who need visibility into pipeline status without making changes.
Can
- View all pipelines and their current status
- View step definitions and execution history
- View drift events and monitoring dashboards
- View Enterprise Model (tables, columns, lineage)
- View team members
- Export certified SQL and pipeline artifacts
Cannot
- ✕ Create, edit, or delete pipelines or steps
- ✕ Submit pipelines for certification
- ✕ Promote pipelines to any environment
- ✕ Manage users or change settings
Developer
The pipeline builder. Developers design pipelines, write SQL steps, and submit for certification. They cannot promote to Integration or Production.
Can
- All Viewer permissions
- Create and edit pipelines
- Add, edit, and delete steps
- Submit pipelines for certification
- Re-certify after a failed certification
- Promote to Development environment
Cannot
- ✕ Promote to Integration or Production
- ✕ Manage users or billing
- ✕ Modify tenant-wide settings
Operator
The gatekeeper for Integration. Operators review certified pipelines in Development and decide whether they are ready to be promoted to the Integration environment.
Can
- All Developer permissions
- Promote certified pipelines to Integration
- Manage pipeline scheduling in any environment
- Acknowledge and dismiss drift events
- View billing and usage
Cannot
- ✕ Promote to Production
- ✕ Manage users or team membership
- ✕ Modify tenant-level configuration
Admin
Full control. Admins manage the team, configure tenant settings, and have the final authority to promote pipelines to Production. Every tenant must have at least one admin.
Can
- All Operator permissions
- Promote certified pipelines to Production
- Invite, modify, and deactivate team members
- Assign and change roles
- Configure Enterprise Model and audit columns
- Manage tenant settings and billing
- Roll back pipeline versions in any environment
Cannot
- ✕ Deactivate themselves if they are the last admin
- ✕ Demote themselves below admin if they are the last admin
Quick reference
| Action | Viewer | Developer | Operator | Admin |
|---|---|---|---|---|
| View pipelines and history | ✓ | ✓ | ✓ | ✓ |
| Create / edit steps | — | ✓ | ✓ | ✓ |
| Certify a pipeline | — | ✓ | ✓ | ✓ |
| Promote to Development | — | ✓ | ✓ | ✓ |
| Promote to Integration | — | — | ✓ | ✓ |
| Promote to Production | — | — | — | ✓ |
| Manage scheduling | — | — | ✓ | ✓ |
| Invite / manage users | — | — | — | ✓ |
| Configure Enterprise Model | — | — | — | ✓ |
| Manage billing & settings | — | — | — | ✓ |
Managing your team
Inviting users and assigning roles
Invite a user
Admins can invite users from Settings › Team. Enter the user's email and assign a role. The user receives an invitation link valid for 24 hours — when they click it, they set their password and are immediately active.
Change a role
Role changes take effect immediately. The user's next page load or API call reflects the new permissions. You cannot demote yourself below Admin if you are the last admin on the tenant.
Deactivate a user
Deactivated users cannot log in, but their history and activity records are preserved. You cannot deactivate yourself.
Domain restriction
Paid tenants can restrict invitations to users with a specific email domain (e.g. @yourcompany.com). Admins bypass this restriction.
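The role matrix and the last-admin rule described on this page can be modelled as a server-side check. The sketch below is an added example, not BoltPipeline's own code: it reduces the quick-reference table to a minimum role per action and refuses any role change or deactivation that would leave the tenant without an active admin. The action keys, the shape of the `team` dictionary and the function names are assumptions made for this example.

```python
from enum import IntEnum

class Role(IntEnum):
    # Ordered so that a higher role includes every lower one (cumulative roles).
    VIEWER = 1
    DEVELOPER = 2
    OPERATOR = 3
    ADMIN = 4

# Lowest role allowed per action, transcribed from the quick-reference table.
# The action keys are names invented for this example.
MIN_ROLE = {
    "view_pipelines": Role.VIEWER,
    "edit_steps": Role.DEVELOPER,
    "certify": Role.DEVELOPER,
    "promote_development": Role.DEVELOPER,
    "promote_integration": Role.OPERATOR,
    "manage_scheduling": Role.OPERATOR,
    "promote_production": Role.ADMIN,
    "manage_users": Role.ADMIN,
    "configure_enterprise_model": Role.ADMIN,
    "manage_billing_settings": Role.ADMIN,
}

def can(role, action):
    """Cumulative check; actions missing from the matrix are denied."""
    needed = MIN_ROLE.get(action)
    return needed is not None and role >= needed

def active_admins(team):
    return [u for u, m in team.items() if m["active"] and m["role"] is Role.ADMIN]

def change_member(team, actor, target, role=None, active=None):
    """Apply a role change or (de)activation; returns (ok, reason)."""
    a = team.get(actor)
    if not a or not a["active"] or not can(a["role"], "manage_users"):
        return False, "actor may not manage users"
    if target not in team:
        return False, "unknown member"
    after = dict(team[target])
    if role is not None:
        after["role"] = role
    if active is not None:
        after["active"] = active
    # Invariant: the tenant keeps at least one active admin.
    if not active_admins({**team, target: after}):
        return False, "tenant would be left without an admin"
    team[target] = after
    return True, "ok"
```

Evaluating the invariant on the state after the change, rather than special-casing "self" edits, also covers the case where one admin tries to demote or deactivate the only other remaining admin path by path.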