Authorization
This guide only applies to clusters that have RBAC (Role-Based Access Control) enabled. New clusters with Weaviate version v1.30
(or later) have RBAC enabled by default.
Create a role
Custom roles allow you to define specific permissions for different users or applications accessing your Weaviate cluster. You can control access to collections, tenants, and specific operations.
Open the Weaviate Cloud console.
Select your cluster
and navigate to the
Roles
section.Click on the
Create Role
button ( 1).

Enter a descriptive name for your role in the
Role name
field (1).In the
Collection
section (2), configure collection-level permissions:Select the target collection from the dropdown ( 3)
Choose the appropriate permissions: Create, Read, Update, or Delete Collections (4)
Optionally, configure
Collection Tenants
permissions if your collections use multi-tenancy.Click the
Create
button (5) to save your new role.

To find out more about RBAC and available permissions, check out the RBAC documentation.
Edit a role
You can modify the permissions and settings of existing custom roles at any time.
- From the roles management page, locate the role you want to edit.
Click the
Edit
button (1) next to the role you want to modify.

In the role editing interface, you can:
Update collection permissions by checking or unchecking the appropriate boxes for Create, Read, Update, and Delete operations
Add or remove additional constraints from the role's scope using the dropdown menus (e.g. which collections the permissions apply to)
After making your changes, click the
Update
button ( 1) to save the modifications.

Edit role permissions and confirm the updates.
Changes to role permissions take effect immediately for all API keys assigned to that role.
Delete a role
When you no longer need a custom role, you can delete it. This action will affect all API keys currently assigned to this role.
From the roles management page, locate the role you want to delete.
Click the
Delete
button (1) next to the role you want to remove.

Deleting a role.
In the confirmation dialog, type the exact role name ( 1) to confirm the deletion. This prevents accidental deletions.
Click
Confirm and delete
(2) to permanently remove the role.

Confirm the deletion by typing the role name.
Deleting a role is permanent and cannot be undone. This action will:
- Remove the role and all its associated permissions
- Affect any API keys that were assigned to this role
- Potentially break applications that rely on the permissions granted by this role
Make sure to update or reassign any affected API keys before deleting a role.
You cannot delete the built-in admin and viewer roles, as these are system-defined roles required for basic cluster operations.
Further resources
Support
For help with Serverless Cloud, Enterprise Cloud, and Bring Your Own Cloud accounts, contact Weaviate support directly to open a support ticket. To add a support plan, contact Weaviate sales.
If you have any questions or feedback, let us know in the user forum.