feat: introduce Custom Roles and Audit Logs for Enterprise users

- Added documentation for Custom Roles, allowing Enterprise users to create tailored roles with granular permissions.
- Introduced a new Audit Logs section, detailing how to track actions performed by organization members for security and compliance.
- Updated meta.json to include references to the new features.

These enhancements provide greater control and visibility for Enterprise users, improving overall user management and compliance capabilities.
Mauricio Siu
2026-03-17 23:46:34 -06:00
parent 01e06f27d0
commit 5b9925a279
6 changed files with 306 additions and 46 deletions


@@ -53,3 +53,11 @@ You can also grant permissions to specific users for accessing particular projec
#### Project Permissions
Based on your projects and services, you can assign permissions to specific users to give them access to particular projects or services. You can also select specific environments within projects, allowing you to grant granular access control at the environment level.
## Enterprise: Custom Roles & Additional Permissions
With an **Enterprise** license, you can go beyond the default roles and create **Custom Roles** with granular permissions. This gives you full control over what each team member can do — covering areas like deployments, environment variables, servers, certificates, backups, monitoring, audit logs, and more.
Enterprise permissions include over 25 permission categories with fine-grained actions (Read, Create, Update, Delete, Deploy, Cancel, Restore, Write) across all resources.
[Learn more about Custom Roles →](/docs/core/enterprise/custom-roles)
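Review bot: The phrase "fine-grained actions (Read, Create, Update, Delete, Deploy, Cancel, Restore, Write) across all resources" overstates what the Custom Roles page added in this same commit defines: there, Docker, Logs and Monitoring expose only Read, and Projects exposes only Create and Delete. Suggest wording such as "each category exposes the subset of these actions that applies to it", so readers planning least-privilege roles do not expect every action on every resource.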


@@ -0,0 +1,53 @@
---
title: Audit Logs
description: Track all actions performed by members in your organization
---
Audit Logs give Enterprise users complete visibility into every action performed within the organization. Every create, update, delete, login, logout, deployment, and configuration change is recorded — giving you a full trail for security, compliance, and debugging.
## Overview
Audit Logs are available in **Settings → Audit Logs**. Each entry captures:
| Field | Description |
| --- | --- |
| **Timestamp** | When the action occurred. |
| **User** | The email of the user who performed the action. |
| **Action** | The type of action — `Created`, `Updated`, `Deleted`, `Deployed`, `Login`, `Logout`. |
| **Resource** | The type of resource affected (e.g. `application`, `Custom Role`, `Settings`, `Session`, `Domain`). |
| **Name** | The name or identifier of the resource. |
| **Role** | The role of the user at the time of the action (e.g. `owner`, `developer`, `member`). |
| **Metadata** | Additional context when available. |
## What is Logged
Audit Logs track every meaningful action in your organization:
- **Authentication** — User logins, logouts, and session events.
- **User Management** — Creating, updating, or removing users and changing role assignments.
- **Custom Roles** — Creating, updating, or deleting custom roles.
- **Projects & Services** — Creating, updating, deploying, and deleting applications, databases, and compose stacks.
- **Domains** — Adding or removing custom domains.
- **Environment Variables** — Changes to service, project, and environment-level variables.
- **Settings** — Updates to organization settings, whitelabel configuration, and version updates.
- **Infrastructure** — Changes to servers, registries, certificates, SSH keys, and S3 destinations.
- **Backups & Schedules** — Creating, updating, or deleting backups, volume backups, and scheduled jobs.
- **Notifications** — Changes to notification providers.
## Filtering
You can filter audit log entries to quickly find what you're looking for:
- **By user** — Search for actions performed by a specific user.
- **By name** — Search for actions on a specific resource name.
- **By action** — Filter by action type (Created, Updated, Deleted, etc.).
- **By resource** — Filter by resource type (application, Settings, Custom Role, etc.).
## Use Cases
- **Security investigations** — Identify who made a specific change and when.
- **Compliance** — Maintain evidence of access control and change management for SOC 2, GDPR, and internal policies.
- **Debugging** — Trace deployment failures or configuration issues back to the change that caused them.
- **Team visibility** — Understand what actions team members are performing across the organization.
For questions about audit log retention or integration with external logging systems, [contact us](https://dokploy.com/contact).
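Review bot: In the field table, Timestamp gives no time zone and Action is limited to six values, while the opening paragraph promises "complete visibility into every action"; the page deleted in this same commit specified UTC timestamps and listed failed login attempts. Please state the time zone of Timestamp, and either document whether failed logins are recorded (and under which Action value) or soften the "every action" claim, since investigators will rely on this page to know what the trail can and cannot show. The "etc." in the Filtering list should also be replaced by the exact Action values from the table.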


@@ -1,44 +0,0 @@
---
title: Audit logs
description: Track user actions and changes for compliance and security
---
## What is logged
Typical events include:
- **Authentication** — Logins, logouts, failed attempts, SSO redirects.
- **Users and access** — User creation, updates, deletion, role changes, invite/revoke.
- **Resources** — Creation, update, and deletion of projects, applications, compose stacks, databases, domains, environment variables, and similar resources.
- **Deployments** — Deploy triggers, rollbacks, and related actions.
- **Settings** — Changes to organization, security, and whitelabel settings (where applicable).
Each entry usually includes:
- **Timestamp** (UTC)
- **Actor** (user ID, email, or service account)
- **Action** (e.g. `user.login`, `application.create`, `compose.deploy`)
- **Resource** (type and identifier)
- **Details** (e.g. old/new values or reason, when relevant)
- **IP address** (when available)
## Accessing audit logs
1. Go to **Settings** → **Audit logs** (or **Organization** → **Audit logs** in Enterprise).
2. Use filters by date range, user, action type, or resource.
3. Export results (e.g. CSV or JSON) for external tools or compliance reviews.
## Retention and storage
- Retention period and storage backend (e.g. database, external logging) depend on your Enterprise agreement.
- Configure retention and any archiving according to your compliance and security policies.
## Compliance
Audit logs help support:
- **SOC 2** — Evidence of access control and change management.
- **GDPR** — Documentation of access to and changes in personal data and configurations.
- **Internal policies** — Review of who changed what and when.
For retention, export formats, or integration with your SIEM or log pipeline, [contact us](https://dokploy.com/contact).
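Review bot: Deleting this page drops the IP address field, the date range filter, the CSV/JSON export step and the whole "Retention and storage" section, and the replacement page carries none of them over beyond a contact link. If those capabilities are not in the product, say so in the commit message; if they are, move them to the new page, because retention and export are what the SOC 2 and GDPR use case on the new page depends on.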


@@ -0,0 +1,241 @@
---
title: Custom Roles
description: Create custom roles with granular permissions for your organization members
---
Custom Roles let Enterprise users go beyond the default **Owner**, **Admin**, and **Member** roles by creating tailored roles with fine-grained permissions. Assign exactly the access each team member needs — no more, no less.
## Overview
In the free version, Dokploy provides three built-in roles: **Owner**, **Admin**, and **Member**. Members have a limited, fixed set of permissions. With Enterprise, you can create **custom roles** that combine any of the available permissions below, then assign those roles to users in your organization.
To manage custom roles, go to **Settings → Custom Roles**.
## Available Permissions
Custom roles are built by combining permissions from the following categories:
### Users
Manage organization members, invitations, and roles.
- **Read** — View the list of users and their roles.
- **Create** — Invite new members to the organization.
- **Update** — Edit user details and role assignments.
- **Delete** — Remove members from the organization.
### Projects
Manage project creation and deletion.
- **Create** — Create new projects.
- **Delete** — Delete existing projects.
### Services
Manage services (applications, databases, compose) within projects.
- **Create** — Create new services inside projects.
- **Read** — View services and their configurations.
- **Delete** — Remove services from projects.
### Environments
Manage environment creation, viewing, and deletion.
- **Create** — Create new environments within projects.
- **Read** — View environments and their settings.
- **Delete** — Remove environments.
### Docker
Access to Docker containers, images, and volumes management.
- **Read** — View Docker containers, images, and volumes.
### SSH Keys
Manage SSH key configurations for servers and repositories.
- **Read** — View existing SSH keys.
- **Create** — Add new SSH keys.
- **Delete** — Remove SSH keys.
### Git Providers
Access to Git providers (GitHub, GitLab, Bitbucket, Gitea).
- **Read** — View connected Git providers.
- **Create** — Connect new Git providers.
- **Delete** — Remove Git provider connections.
### Traefik Files
Access to the Traefik file system configuration.
- **Read** — View Traefik configuration files.
- **Write** — Edit Traefik configuration files.
### API / CLI
Access to API keys and CLI usage.
- **Read** — View and use API keys and CLI.
### Volumes
Manage persistent volumes and mounts attached to services.
- **Read** — View volumes and their configurations.
- **Create** — Create new volumes.
- **Delete** — Remove volumes.
### Deployments
Trigger, view, and cancel service deployments.
- **Read** — View deployment history and status.
- **Deploy** — Trigger new deployments.
- **Cancel** — Cancel running deployments.
### Service Environment Variables
View and edit environment variables of services.
- **Read** — View service environment variables.
- **Write** — Edit service environment variables.
### Project Shared Environment Variables
View and edit shared environment variables at the project level.
- **Read** — View project-level shared environment variables.
- **Write** — Edit project-level shared environment variables.
### Environment Shared Environment Variables
View and edit shared environment variables at the environment level.
- **Read** — View environment-level shared environment variables.
- **Write** — Edit environment-level shared environment variables.
### Servers
Manage remote servers and nodes.
- **Read** — View server details and status.
- **Create** — Add new servers.
- **Delete** — Remove servers.
### Registries
Manage Docker image registries.
- **Read** — View configured registries.
- **Create** — Add new registries.
- **Delete** — Remove registries.
### Certificates
Manage SSL/TLS certificates.
- **Read** — View certificates.
- **Create** — Add new certificates.
- **Delete** — Remove certificates.
### Backups
Manage database backups and restores.
- **Read** — View existing backups.
- **Create** — Create new backups.
- **Update** — Modify backup configurations.
- **Delete** — Remove backups.
- **Restore** — Restore from a backup.
### Volume Backups
Manage Docker volume backups and restores.
- **Read** — View volume backups.
- **Create** — Create new volume backups.
- **Update** — Modify volume backup configurations.
- **Delete** — Remove volume backups.
- **Restore** — Restore from a volume backup.
### Schedules
Manage scheduled jobs (commands, deployments, scripts).
- **Read** — View scheduled jobs.
- **Create** — Create new scheduled jobs.
- **Update** — Modify existing scheduled jobs.
- **Delete** — Remove scheduled jobs.
### Domains
Manage custom domains assigned to services.
- **Read** — View configured domains.
- **Create** — Add new domains.
- **Delete** — Remove domains.
### S3 Destinations
Manage S3-compatible backup destinations (AWS, Cloudflare R2, etc.).
- **Read** — View configured S3 destinations.
- **Create** — Add new S3 destinations.
- **Delete** — Remove S3 destinations.
### Notifications
Manage notification providers (Slack, Discord, Telegram, etc.).
- **Read** — View notification providers.
- **Create** — Add new notification providers.
- **Update** — Modify notification configurations.
- **Delete** — Remove notification providers.
### Logs
View service and deployment logs.
- **Read** — View logs.
### Monitoring
View server and service metrics (CPU, RAM, disk).
- **Read** — View monitoring metrics.
### Audit Logs
View the audit log of actions performed in the organization.
- **Read** — View audit log entries.
## Creating a Custom Role
1. Go to **Settings → Custom Roles**.
2. Click **Create Role**.
3. Enter a name for the role (e.g. `developer`, `viewer`, `deployer`).
4. Select the permissions you want to assign to this role.
5. Click **Save**.
## Assigning a Custom Role
1. Go to **Settings → Users**.
2. Select the user you want to update.
3. Change their role to the custom role you created.
4. Click **Save**.
The user will immediately have access based on the permissions defined in their new role.
## Best Practices
- **Principle of least privilege** — Give each role only the permissions it needs. A developer who only deploys doesn't need access to manage users or certificates.
- **Name roles clearly** — Use descriptive names like `deployer`, `viewer`, or `project-admin` so it's easy to understand what each role can do.
- **Review roles regularly** — As your team and workflows evolve, revisit custom roles to ensure they still match your needs.
For help configuring custom roles, [contact us](https://dokploy.com/contact).
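Review bot: Under "Users", Update is described as "Edit user details and role assignments", but the page never says which roles a holder of that permission may assign, and no category in the list governs creating or editing custom roles themselves. Please document whether role assignment is capped at the actor's own role and who may manage roles under Settings → Custom Roles; without that, the least-privilege advice in Best Practices cannot be applied with confidence. Best Practices could also name the permissions that touch secrets or routing (Service Environment Variables Read, SSH Keys Read, Traefik Files Write, and API / CLI Read, which is described as "View and use") and state whether an API key is bound by its owner's role.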


@@ -8,7 +8,8 @@ description: Enterprise features for SSO, whitelabeling, and audit logs
- **Single Sign-On (SSO)** — Integrate with Auth0, Keycloak, or other OIDC/SAML providers.
- **Whitelabeling** — Rebrand the UI with your logo, colors, and domain (self-hosted only).
{/* - **Audit logs** — Track user actions and changes for compliance and security. */}
- **Custom Roles** — Create custom roles with granular permissions beyond the default Owner, Admin, and Member roles. [Read more →](/docs/core/enterprise/custom-roles)
- **Audit Logs** — Track every action performed by members in your organization for security and compliance. [Read more →](/docs/core/enterprise/audit-logs)
More Enterprise features are on the way. [Contact us](https://dokploy.com/contact) if you want early access or have specific requirements.
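Review bot: The frontmatter description visible in the hunk header still reads "Enterprise features for SSO, whitelabeling, and audit logs" and is not updated to mention Custom Roles, although the feature list here and the closing sentence in the next hunk now do. Suggest updating `description` in the same commit so search results and link previews match the page content.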
@@ -18,4 +19,4 @@ For pricing and to enable Enterprise features on your instance, get in touch wit
**[Contact us →](https://dokploy.com/contact)**
We'll help you configure SSO, whitelabeling, and audit logs for your organization.
We'll help you configure SSO, whitelabeling, custom roles, and audit logs for your organization.


@@ -56,6 +56,7 @@
"enterprise/license-keys",
"enterprise/sso",
"enterprise/whitelabeling",
"enterprise/custom-roles",
"enterprise/audit-logs",
"---Guides---",
"guides/cloudflare-tunnels",