Configure Roles & Permissions

Robopack supports granular role-based access control so you can give each team member exactly the permissions they need — no more, no less.

What you'll need

Team	Recommended roles
IT admins	Organisation Administrator (full access)
Packaging team	Package Writer + Robopatch Writer
Read-only stakeholders	Package Reader + Robopatch Reader
Security / compliance	Security Reader

Go to Settings > Users, click on a user, select their roles, and save.

For larger organisations, you can assign roles through Entra ID enterprise application group membership:

tip

Using Entra ID security groups means new team members automatically get the right permissions when they're added to the group.

If you manage multiple tenants, you can scope permissions per tenant in Settings > Tenants:

Permission	Controls
See / Read information	Who can view apps and settings for this tenant
Upload apps	Who can import packages to this tenant
Set configuration	Who can modify tenant settings
Set permissions	Who can manage access control for this tenant

Access can be granted to all users, specific users, or an Entra ID security group.

Policy	Use case
Allow both Entra ID and password sign-ins	Maximum flexibility
Only allow Entra ID sign-ins	Recommended for security
Only allow password sign-ins	For organisations not using Entra ID

warning

Before switching to Entra ID-only sign-ins, ensure all users who need access are already signing in with Entra ID.

For accounts using password sign-in, you can enable 2FA:

Per-user: Go to Settings > Account and set up an authenticator app (Microsoft Authenticator, Google Authenticator, etc.)
Organisation-wide: Go to Settings > Account > Organisation Settings to require 2FA for all password logins