Secure your documentation with role-based access control (RBAC) to manage who can view and access different parts of your project.
Redocly's access control system lets you protect sensitive documentation, restrict access to specific user groups, and manage permissions at the page and navigation level. Perfect for internal documentation, API keys, or content that should only be visible to specific teams.
Understanding the difference between authentication and authorization is crucial for setting up access control:
Authentication identifies who you are - handled by your identity provider (SSO) when users log in.
Authorization determines what you can access - controlled by your roles, which come from:
- Identity provider claims/attributes for organization-wide roles (when using SSO)
- Manual role assignment for organization-wide roles (when using Redocly's login system)
- Team assignments for project-specific access (teams can be managed through identity provider or Redocly)
The source of your role and team information depends on whether you're using SSO with an identity provider or Redocly's built-in authentication and team management systems.
Roles
Define user roles and permissions to control access levels across your documentation project.
RBAC concepts
Understand how role-based access control works and how to implement security for your content.
Page permissions
Control access to individual pages and content sections based on user roles and permissions.
Navigation permissions
Manage visibility of navigation links and groups to create role-specific navigation experiences.
Access control in Redocly operates on a role-based system where:
- Users are assigned roles in your organization or project
- Content is tagged with access requirements using configuration or front matter
- The system automatically filters what each user can see based on their roles
- Navigation adapts dynamically to show only accessible content
- Set up roles - Define the user roles needed for your organization and understand the difference between organization and project roles
- Understand RBAC - Learn the RBAC concepts and security model including how teams, roles, and resources work together
- Protect pages - Apply page permissions to sensitive content using front matter or configuration-based access control
- Control navigation - Configure navigation permissions for role-specific menus in navbar, footer, and sidebar
Internal documentation
Separate public and internal content, hiding sensitive information from external users while keeping it accessible to employees.
API documentation tiers
Show different API endpoints and features based on subscription levels or user permissions.
Team-specific content
Create content visible only to specific teams (engineering, sales, support) while maintaining a unified documentation site.
Progressive disclosure
Show basic content to all users while revealing advanced features and configurations to authorized personnel.
- Roles and permissions - Configure user roles and permissions to control access levels across your documentation project
- RBAC implementation - Understand how role-based access control works and implement security best practices for your content
- Page-level access control - Control access to individual pages and content sections based on user roles and permissions
- Navigation permissions - Manage visibility of navigation links and groups to create role-specific navigation experiences