Skip to main content

Authorization

info

This guide only applies to clusters that have RBAC (Role-Based Access Control) enabled. New clusters with Weaviate version v1.30 (or later) have RBAC enabled by default.

Create a role

Custom roles allow you to define specific permissions for different users or applications accessing your Weaviate cluster. You can control access to collections, tenants, and specific operations.

  1. Open the Weaviate Cloud console.
  2. Select your cluster and navigate to the Roles section.
  3. Click on the Create Role button (1).
Roles management section in Weaviate Cloud
Access the roles management section.

  1. Enter a descriptive name for your role in the Role name field (1).
  2. In the Collection section (2), configure collection-level permissions:
    • Select the target collection from the dropdown (3)
    • Choose the appropriate permissions: Create, Read, Update, or Delete Collections (4)
  3. Optionally, configure Collection Tenants permissions if your collections use multi-tenancy.
  4. Click the Create button (5) to save your new role.
Create new API role form
Configure permissions for your new role.

info

To find out more about RBAC and available permissions, check out the RBAC documentation.

Edit a role

You can modify the permissions and settings of existing custom roles at any time.

  1. From the roles management page, locate the role you want to edit.
  2. Click the Edit button (1) next to the role you want to modify.
Edit role button highlighted
Modify role permissions.

  1. In the role editing interface, you can:
    • Update collection permissions by checking or unchecking the appropriate boxes for Create, Read, Update, and Delete operations
    • Add or remove additional constraints from the role's scope using the dropdown menus (e.g. which collections the permissions apply to)
  2. After making your changes, click the Update button (1) to save the modifications.
Role editing form with Update button highlighted
Edit role permissions and confirm the updates.

Changes to role permissions take effect immediately for all API keys assigned to that role.

Delete a role

When you no longer need a custom role, you can delete it. This action will affect all API keys currently assigned to this role.

  1. From the roles management page, locate the role you want to delete.
  2. Click the Delete button (1) next to the role you want to remove.
Delete role button highlighted
Deleting a role.

  1. In the confirmation dialog, type the exact role name (1) to confirm the deletion. This prevents accidental deletions.
  2. Click Confirm and delete (2) to permanently remove the role.
Delete role confirmation dialog
Confirm the deletion by typing the role name.

Deleting a role is permanent and cannot be undone. This action will:

  • Remove the role and all its associated permissions
  • Affect any API keys that were assigned to this role
  • Potentially break applications that rely on the permissions granted by this role

Make sure to update or reassign any affected API keys before deleting a role.

info

You cannot delete the built-in admin and viewer roles, as these are system-defined roles required for basic cluster operations.

Further resources

Support

For help with Serverless Cloud, Enterprise Cloud, and Bring Your Own Cloud accounts, contact Weaviate support directly to open a support ticket.

For questions and support from the Weaviate community, try these resources:

To add a support plan, contact Weaviate sales.