Skip to content

User Roles

Access to Appelium Dashboard is subject to role-based access control (RBAC) which restricts system access to authorized users only.

Appelium RBAC consists of these 4 roles:

Hierarchical Role Assignments

Roles are structured hierarchically, where higher-level roles have the permissions of the lower-level roles plus additional ones. This hierarchy helps in maintaining clear boundaries of authority and responsibility.

Role Creation and Invitation Practices

Inviting Lower Roles only: It is considered a best practice that users can only invite or create users with roles lower than themselves. This practice prevents privilege escalation and ensures that users cannot grant permissions that they do not possess.

Agent

Agent is the account owner and has highest permissions. It has all the permissions as Admin and additionally it can:

  • Access and update billing information
  • Invite and remove Admin users
  • Change account wide policy settings (e.g. Enforce 2FA authentication for all accounts)
  • Cancel subscription or close the account

Admin

Admin is the second highest role. It has all the permissions as Member and additionally it can:

  • Manage Applications
  • Create integrations (Slack, Teams, etc.)
  • Create CI tokens
  • Delete data (test executions, bug reports, etc)
  • Manage application distribution groups
  • Invite and remove Member users

Member

Admin is the lowest application role which still has Dashboard access (bug reports, test executions, metrics etc). It has read-only access to the data in Dashboard:

  • Bug reports
  • Test executions
  • Test cases
  • Test failure groups
  • Crash reports
  • Non fatal error reports
  • Application performance metrics
  • Network performance metrics
  • Builds
  • Distribution groups

Member role can't invite other users to join the same workspace.

Tester

Testers is a special role which has no Dashboard access. Users with this role are typically considered to be outside of one's organization and can only access/install application builds that are explicitly distributed to them via distribution groups.