<![CDATA[Can You Create Read-Only Roles in FusionAuth?]]>We are evaluating the best permissions to assign different individuals in our QA and Production FusionAuth instances.

From the documentation, it seems that roles for tenants and applications are either create/update or delete, with no built-in read-only roles. Additionally, it appears that we cannot modify the roles for the default FusionAuth application.

Questions:

  1. Is there a way to introduce read-only roles in FusionAuth?
  2. If not, is there a plan to add this functionality in a future release?
  3. We want to grant some users view-only access without allowing modifications—how can we achieve this?
]]>https://fusionauth.io/community/forum/topic/2935/can-you-create-read-only-roles-in-fusionauthRSS for NodeSun, 14 Jun 2026 20:18:33 GMTSun, 29 Jun 2025 14:50:31 GMT60<![CDATA[Reply to Can You Create Read-Only Roles in FusionAuth? on Sun, 29 Jun 2025 14:51:02 GMT]]>
  • Existing Role Limitations in FusionAuth
    • FusionAuth provides predefined Admin UI roles, which are not modifiable.
    • You can review the available roles here:
      FusionAuth Admin UI Roles
    • The default FusionAuth application roles cannot be changed, which means read-only roles are not currently available.
    1. Requesting Read-Only Roles as a Feature
    • FusionAuth does not currently support read-only access roles for applications or tenants.
    • The likely reason for this is that users who need to view application/tenant properties often also need to update them.
    • However, you can submit a feature request to suggest adding read-only roles:
      Submit a Feature Request
    1. Workaround: Implement a Custom Read-Only View

    If immediate read-only access is required, consider:

    • Using the FusionAuth APIs to create a custom dashboard where users can view but not edit data.
    • Relevant APIs for this purpose:

    Summary

    • No built-in read-only roles exist for applications or tenants.
    • FusionAuth Admin UI roles are not modifiable.
    • You can request read-only roles as a feature via GitHub.
    • A workaround is to build a custom, API-based read-only view.
    ]]>    https://fusionauth.io/community/forum/post/8075https://fusionauth.io/community/forum/post/8075Sun, 29 Jun 2025 14:51:02 GMT