FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Can You Create Read-Only Roles in FusionAuth?

    Scheduled Pinned Locked Moved Solved
    Frequently Asked Questions (FAQ)
    login logins
    1
    2
    317
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wesley
      last edited by wesley

      We are evaluating the best permissions to assign different individuals in our QA and Production FusionAuth instances.

      From the documentation, it seems that roles for tenants and applications are either create/update or delete, with no built-in read-only roles. Additionally, it appears that we cannot modify the roles for the default FusionAuth application.

      Questions:

      1. Is there a way to introduce read-only roles in FusionAuth?
      2. If not, is there a plan to add this functionality in a future release?
      3. We want to grant some users view-only access without allowing modifications—how can we achieve this?
      W 1 Reply Last reply Reply Quote 0
      • W
        wesley @wesley
        last edited by

        1. Existing Role Limitations in FusionAuth
        • FusionAuth provides predefined Admin UI roles, which are not modifiable.
        • You can review the available roles here:
          FusionAuth Admin UI Roles
        • The default FusionAuth application roles cannot be changed, which means read-only roles are not currently available.
        1. Requesting Read-Only Roles as a Feature
        • FusionAuth does not currently support read-only access roles for applications or tenants.
        • The likely reason for this is that users who need to view application/tenant properties often also need to update them.
        • However, you can submit a feature request to suggest adding read-only roles:
          Submit a Feature Request
        1. Workaround: Implement a Custom Read-Only View

        If immediate read-only access is required, consider:

        • Using the FusionAuth APIs to create a custom dashboard where users can view but not edit data.
        • Relevant APIs for this purpose:
          • Application API
          • Tenant API

        Summary

        • No built-in read-only roles exist for applications or tenants.
        • FusionAuth Admin UI roles are not modifiable.
        • You can request read-only roles as a feature via GitHub.
        • A workaround is to build a custom, API-based read-only view.
        1 Reply Last reply Reply Quote 0
        • W wesley marked this topic as a question
        • W wesley has marked this topic as solved
        • First post
          Last post