Introducing access controls and team management

Today we’re releasing granular access control features including custom roles, object-level access controls, and teams.

Platform and data engineering teams run critical applications that involve users of heterogenous skillsets and responsibilities. Admins are tasked with the difficult job of maintaining a secure and compliant security posture.

These new access controls let you gracefully support even the largest teams and their stakeholders in building resilient and observable workflow applications, while maintaining compliance with even the strictest of standards. Set granular custom role definitions, restrict access to individual objects, and manage at scale with teams - inside the Prefect client, or from your preferred authentication provider.

Prefect gives organizations of all sizes, from 3 person data teams to enterprises with hundreds of users, the ability to build compliant, scalable, and secure applications that power resilient, reliable, and observable workflows. See why companies like Block, Progressive, and Humana choose Prefect to build workflow applications by meeting with our team today.

Custom roles and role-based access control

With Prefect, you can now onboard new teams or personas and customize their permissions to your standards with ease. Create a customized role definition with granular access settings for all Prefect features. For instance, grant:

• a data stakeholder access to blocks and automations but not deployments
• the platform team access to deployments but not artifacts

This allows you to maintain access control compliance without sacrifices, while customizing to each team’s unique needs. Read more about the details of role management here.

Restricting object level access

You may want to restrict access to one object, without impacting the ability for users to work with other objects of that type. For example, you may want to stop anyone from scheduling a new flow run for a deployment with exceptionally high infrastructure costs, without stopping them from being able to kick off other, less costly deployments.

In this case, discrete objects such as deployments or blocks can be restricted by simply adding an access control list. Protect your critical credentials and workflows, without blocking your team.

Teams for bulk editing access

Individually managing user permissions is a tedious exercise, and it presents a risk for companies who need to insure that secure access is implemented at scale. Some of our largest customers, like those at Block, Progressive, and Humana, manage Prefect deployments for large data teams with stakeholders across the organization.

With Prefect’s teams feature, administrators can set custom roles or manage permissions to discrete objects such as deployments or blocks, for an entire group. This way users can’t trigger workflows or have access to credentials that they shouldn’t be able to.

None of the customizability or granularity has to go away at scale—quite the opposite. Using teams allows even the largest companies maintain granular access easily without manually selecting users as bulk permissions change.

Compliance and security, your way

From the largest enterprises to small data teams of 2 to 3, our users are often subject to strict security and compliance requirements. Even if you’re just at the beginning of your security journey, features such as role and object-based access control, teams, and SCIM provisioning give you total control of what users do and don’t have access to.

Prefect makes complex workflows simpler, not harder. Try Prefect Cloud for free for yourself, download our open source package, join our Slack community, or talk to one of our engineers to learn more.