Admins

Oblique organizations include three default roles:

• Owner: Owns the Oblique organization, can perform all actions in Oblique, and receives all communications. Each Oblique organization has one owner.
• Admin: Manages the organization, including managing integrations, users, groups, resources, and entitlements, and creating Oblique API keys.
• Member: Member of the organization. Members can become members of groups and have entitlements granting them access. Members don’t have access to the Oblique app.

By default, Oblique Admins are owners of all groups and resources in Oblique.

Although Admins can create Oblique API keys, the organization owns these keys, not the individual Admin. When you remove an Admin, the API keys remain valid.

By default, the organization Owner receives all communications about Oblique, including billing and security notifications.

Add an Admin

Note

You can’t add a group as Admin. Instead, add the group’s members as Admins.

You must be an Admin to add an Admin.

Navigate to the Admins page.

1. Under Admins, select Add Admin.
2. Search for and select the user you wish to add as an Oblique Admin.
3. Select Add Admins.

Remove an Admin

Caution

Removing an Admin doesn’t invalidate their API keys. To invalidate these keys, navigate to the API keys page and filter for keys created by that Admin.

You must be an Admin to remove an Admin.

Navigate to the Admins page.

1. Under Admins, locate the user to be removed. If you have a lot of Admins, use the search bar to more easily find them.
2. For the selected user, in the More menu, select Remove Admin….
3. Confirm you want to remove the Admin, and select Remove Admin.

Caution

If you’re the last Admin, you cannot remove yourself.

Change the organization Owner

You must be an Admin to change the organization Owner.

Navigate to the Admins page.

1. Under Organization Owner, select Change Owner.
2. Search for and select the user you wish to make the new Owner.
3. Select Update Owner.

Caution

Any Admin can update the Owner, not just the existing Owner.

Permission matrix

By default, members of an Oblique instance have the permission to make change 📥requests, but cannot make changes directly. All members can create requests and can update their own requests. Depending on the type of request, some members who are the owners of affected objects can approve requests.

Users and resources cannot be directly added to Oblique. Instead, they are automatically imported when they are discovered in and synced from an integration.

The following actions can be taken by each role:

Target	Action	Description	Owner	Admin	Member
User	CREATE	Import a user.	❌	❌	❌
Team	CREATE	Create a team group.	✅	✅	📥
Team	DELETE	Delete a team group.	✅	✅	📥
TeamProfile	UPDATE	Update a team group’s description.	✅	✅	❌
TeamMember	CREATE	Add a user to a team group.	✅	✅	📥
TeamMember	DELETE	Remove a user from a team group.	✅	✅	📥
TeamOwner	CREATE	Add an owner to a team group.	✅	✅	❌
TeamOwner	DELETE	Remove an owner from a team group.	✅	✅	❌
Group	CREATE	Create an attribute-based group.	✅	✅	❌
Group	DELETE	Delete an attribute-based group.	✅	✅	❌
GroupOwner	CREATE	Add an owner to an attribute-based group.	✅	✅	❌
GroupOwner	DELETE	Remove an owner from an attribute-based group.	✅	✅	❌
Resource	CREATE	Import or create a resource.	❌	❌	❌
Resource	UPDATE	Change a resource’s management mode.	✅	✅	❌
ResourceOwner	CREATE	Add an owner to a resource.	✅	✅	❌
ResourceOwner	DELETE	Remove an owner from a resource.	✅	✅	❌
Entitlement	CREATE	Create an entitlement.	✅	✅	📥
Entitlement	UPDATE	Edit an entitlement.	✅	✅	📥
Entitlement	DELETE	Revoke an entitlement.	✅	✅	📥
Integration	CREATE	Add an integration.	✅	✅	❌
Integration	UPDATE	Update an integration to allow resource creation.	✅	✅	❌
ServiceAccount	CREATE	Create an API key.	✅	✅	❌
ServiceAccount	DELETE	Revoke an API key.	✅	✅	❌
Admin	CREATE	Add an Admin.	✅	✅	❌
Admin	DELETE	Remove an Admin.	✅	✅	❌
Owner	UPDATE	Change the organization Owner.	✅	✅	❌