Access Control

(information)

Public Beta Notice

Role Based Access Control (RBAC) is available as a public beta release. Twilio might add or change features before declaring RBAC Generally Available. Beta products aren't covered by a Twilio SLA.

Learn more about beta product support.

With Twilio's role-based access control (RBAC) platform, you can grant access to Twilio resources in a granular way and prevent access to other resources. Twilio RBAC lets you adopt the security principle of "least privilege access" for users in your Twilio accounts.

Here are the key features of the Access Control product:

Control access to Twilio resources with built-in roles that range in scope from your whole organization down to viewing only a specific product for a specific subaccount.
Manage role assignments across multiple accounts and subaccounts in one place using the self-serve RBAC management interface in Twilio Admin.

View role assignments

Go to Twilio Admin
Click on Access Control, it will take you to the role assignments view page where you can view all existing role assignments in your Organization. You can return to this view by clicking on the Role Assignments subsection in the left navigation bar.
You can search Role Assignments by user's name, email, SID, role name or scope name. Scope specifies the boundary within which a role assignment will apply, it can be a managed account, subaccount, or even your organization.
To view a user's role assignment details, click the user's name.

Add a new role assignment

When you assign roles to a user, you start by selecting the scope: organization, account, or subaccount. Then you can assign one or more roles to the user for the specified scope. Depending on the scope, you can select from General or Built-in roles. Learn more about role types.

Users can have multiple roles in multiple scopes. You can assign up to 25 built-in roles per user across all scopes.

Go to Access Control > Role Assignments.
Click the user's name to open the Role Assignment Detail page.
On the Role Assignment Detail page, click Add another assignment to add a new role assignment.
Under Scope, search the organization, account, or subaccount you want to give access to. You can type the friendly name or SID to search.
Select the Role to add.
To add additional roles to the same scope, click Add Role .
To add a role to another scope, click Add another assignment.
Click Save to confirm the changes.

Delete a user's role assignments

Go to Access Control > Role Assignments.
Click the user's name to open the Role Assignment Detail page.
On the Role Assignment Detail page, click Edit assignment.
To delete individual roles, click the dustbin icon beside the role.
To delete all the roles for a scope, click Delete Assignment.
Click Save to confirm the changes.

View roles & permissions

Go to Access Control > Roles.
The Roles page lists Product groups, role names, and descriptions. A Product group refers to Twilio products such as Messaging or Phone Number that the role belongs to. The General product group is for general roles and the Organization product group is for organization roles.
Click on a role to view the list of permissions that role contains. There are no permissions for general account roles and organization roles.

(information)

Note

Only users with the Organization Owner or Organization Admin role can access the Access Control pages.
Organization roles, which include Organization Owner, Organization Admin and Organization Standard user, cannot be deleted from the Access control pages. Go to the User detail page from the Managed users page to delete organization roles.
Owner role for an Account cannot be deleted from the Access Control pages.