SUPPORT.TWILIO.COM END OF LIFE NOTICE: This site, support.twilio.com, is scheduled to go End of Life on February 27, 2024. All Twilio Support content has been migrated to help.twilio.com, where you can continue to find helpful Support articles, API docs, and Twilio blog content, and escalate your issues to our Support team. We encourage you to update your bookmarks and begin using the new site today for all your Twilio Support needs.

Role-Based Access Control (RBAC) in the Console for Twilio Flex

Overview

The Role-Based Access Control (RBAC) implemented in the Flex console is designed to limit user actions on any given page. The system recognizes five legacy roles:

  • Owner
  • Admin
  • Developer
  • Support
  • Billing

Each legacy role maps to specific custom permission groups. These permissions are evaluated against two primary keys:

  • permission_resource: Specifies the target resource.
  • permission_action: Specifies the allowed operation on that resource.

Previously, these permission checks were enforced on the client side to restrict access to specific  routes within the Console.

However now, this enforcement has shifted entirely to the backend. RBAC boundaries are now applied strictly to API routes, ensuring a more secure, decoupled, and API-first access control model.

 

Product

Flex

 

Environment

Twilio Console

 

What You Need To Know

Below are the roles and permissions:
 

 

Conclusion

In conclusion, users with Owner, Admin, or Developer roles are granted full access to perform CRUD operations within Flex in the Twilio Console.

Have more questions? Submit a request
We can’t wait to see what you build.
Powered by Zendesk