ReBAC Rolls Out: Granular Roles, Smarter Teams

A Closer Look at What’s New

We’ve improved how permissions work on the Divio Platform to give teams clearer structure and better control without adding complexity. The new approach keeps things simple while making roles easier to understand and assign. Below is a breakdown of the roles you can now use:

• Organization Owner
  The Organization Owner has complete control over the entire organization.

• Organization Admin
  The Organization Admin has almost the same capabilities as the owner, but cannot transfer or delete the organization.

• Application Collaborator
  The Application Collaborator has full access to a specific application and its environments, but limited visibility into the rest of the organization.

To support more specific workflows, we’ve also added predefined roles you can use right away:

• Billing Admin
  The Billing Admin has access to billing and subscription management.

• Environment Collaborator
  The Environment Collaborator is scoped to one or more specific environments of an application.

• Guest Collaborator
  The Guest Collaborator is a read-only role for a specific environment.

A Permission System That Follows Your Structure

Our new ReBAC model lets you assign access based on how objects relate to each other. That means you can give someone access to one app, a single staging environment, or only the areas they actually need. It keeps permissions focused, relevant, and easier to manage as your projects and teams grow.

And if you’re an agency juggling multiple client projects, dev environments, and different contributors, the last thing you need is shared credentials or tangled permissions.

ReBAC lets you:

• Scope access per project, environment, or user

• Isolate client work cleanly

• Avoid team-wide disruptions when revoking access

• Stay in control without creating overhead

It’s better access without the stress.

Custom Roles for Advanced Setups

For teams with more complex structures, Divio Cloud also supports custom roles (available for enterprise clients). Custom roles let you tailor permissions exactly to your needs by:

• Defining your own combinations of permissions

• Aligning Divio roles with your internal security model

• Syncing roles between your Identity Provider (IdP) and Divio Cloud for centralized access management

If you’re interested in custom roles or exploring an enterprise setup, contact our support and we’ll help you design the right approach for your organization.

No Disruption to Your Existing Setup

You don’t have to change a thing if you’re happy with the current role system. The new options work alongside what you already use.

Need something more specific? You can now request custom roles through support, and we’re working on a full self-serve role editor that’s coming in early 2026.

Managing Roles Today and What’s Next

You’ll find role and access management in Collaborators. From there, you can assign roles, view current permissions, and plan your access model. Everything is backed by our usual docs and CLI integration. If you run into something unclear, just message us. We’re here.

And we’re not stopping there. This quarter, we’re rolling out a cleaner UI that makes managing roles and assignments simpler and more intuitive. Later this year, we’ll follow up with self‑serve tools that let teams create and customize roles and security groups on their own. Step by step, we’re giving growing teams the control they need, without adding friction.

Need a Hand?

You can start using the new roles and ReBAC system right now. It’s a gradual rollout, so there’s no rush. You’re free to test, adjust, and adopt at your own pace

If you want help planning your setup or have a specific need in mind, our team is just one message away.

Not using Divio yet? Start a free trial today.