What It Is
Access Control & Security covers how organizations manage permissions and track activity. This includes role-based access control (RBAC) with custom roles and fine-grained permissions, audit logging, and team-wide security policies.RBAC
RBAC lets admins create custom roles with explicit permissions over resources. Permissions are expressed as actions over resource patterns, with enforcement server-side so access is consistent across the extension and backend. Resource types:- Templates, Secrets, Images (environment-scoped)
- Builds, Clusters, Workspaces
- Org members, Org roles, Org settings
- Audit (team or self scope)
read,write,admin,*deploy(templates),use(secrets)
/templates/**- all templates/environments/staging/secrets/**- secrets in staging only/clusters/**- all clusters/audit/team/**- team-wide audit events
Managing RBAC in the UI
Open the Organization panel and click Manage Roles to access the roles view. Creating roles:- Click Create new
- Enter role name and description
- Add permissions by selecting resource type, action, and optional environment
- Click Create Role
Managing RBAC via Chat
Admins can manage RBAC through chat:Audit Logging
Audit events are recorded when you work in an organization context. The log captures actions like builds, deployments, cluster operations, and secret changes, including actor, status, and trace information. How to view:- Welcome screen: Recent events appear in the Team Events card.
- Activity panel: Open from the Monk Dashboard for a full timeline.
Not Available Yet
Single sign-on, domain enforcement, and org-wide 2FA are not available yet.Related Features
- Team Collaboration - Organizations, members, and clusters
- Multiple Environments - Environment-scoped permissions
- Custom Knowledge - Team policy enforcement (coming soon)
- Security - Runtime security for deployments