More Control With Fine-Grained User Permissions

imgix logo
Team imgix
October 5, 2020
3 minute read
Google authentication

As we continue to roll out more features (like the Source API and the public launch of the Image Manager), our old permissions model where the roles were Owner, User, Billing, and Read-Only has become too limiting. For instance, there isn’t a way to grant a user access to Sources and Billing without elevating them to an account Owner, which automatically confers additional privileges you may prefer not to grant.

That’s why we have improved the way we handle user permissions—now account Owners can assign users any of the following permissions:

  • Account Admin: All permissions, including adding and modifying users.
  • Analytics: Access to image analytics, filterable by Source.
  • Billing: Edit billing information, view and pay invoices.
  • Sources: Create, view, and deploy imgix Sources.
  • Purge: Remove deleted or out-of-date assets from imgix caches.
  • Image Manager Browse: View all content in the Image Manager.
  • Image Manager Edit: Edit and upload images inside the Image Manager. (Note: This permission implicitly includes Image Manager Browse.)

To make this transition as easy as possible, existing users have already been granted permissions as described below, based on their previous roles. The new permissions map to the privileges that the previous roles conferred, so there should be no noticeable changes from a user’s perspective.

  • Owner: Account Admin, which includes all permissions
  • User: Sources, Purge, Analytics
  • Billing: Billing, Analytics
  • Read-only: None, any additional permissions will need to be granted

To add or update permissions for new or existing users, account admins can visit the Users page in the Dashboard to make any changes.

Screenshot of Users page

Permissions for API Keys

In addition to the new permissions, you may notice a couple of other changes as well. Now that more fine-grained permissions are available, all users can access the API Keys page to create keys. API keys can also have different permissions, though a user will only be able to create a key that has permissions equal to or less than the user’s own permissions. For example, if a user does not have the Sources permission, they will be unable to create an API key that has the Sources permission.

Screenshot of API Keys page

All existing keys created prior to this change were created by account owners, so they have all permissions. If you want to generate new keys with limited permissions, you can do so by visiting the API Keys page.

We highly recommend you only grant the permissions you know you need, both for users and for any API keys you create.

If you have any questions, please don’t hesitate to contact us or email