Groups and Folders
Groups and folders are organizational tools in Orvanta that manage permissions and structure items in a workspace. They represent the primary method for handling access control through role-based permissions.
Folders
Folders organize various items—scripts, flows, resources, and schedules—and assign role-based access permissions to groups and individual users. Folders should represent projects, and we recommend assigning permissions to groups.
Subfolders
Orvanta supports nested folder structures by using forward slashes in item paths, similar to filesystem organization. Only top-level folders enforce inherited permissions.
Groups
Groups classify users together to enable shared permissions across the workspace. Multiple group memberships per user are supported. Each group receives one of three permission levels:
- Viewer: read-only access
- Writer: read and write access
- Admin: read/write access plus permission management capabilities
Combined Usage
Groups and folders work together—groups can exist within folders, but not vice versa. This structure allows teams to access shared resources by either adding individual members or entire groups to folders.
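The model described above, as an added Python example for access reviews; it is not Orvanta code and does not use Orvanta's API. It resolves a user's role on a nested item through the item's top-level folder and lists grants made directly to users instead of groups. Assumptions: the data shapes, the sample names and paths, and the rule that the most permissive grant wins when several apply.

```python
# Added illustration: data shapes and names are assumptions, not Orvanta's API.
RANK = {"viewer": 1, "writer": 2, "admin": 3}

# Constructed sample data.
GROUP_MEMBERS = {
    "data-eng": {"alice", "bob"},
    "analysts": {"carol"},
}
# Permissions are modelled on top-level folders only; subfolders carry none.
FOLDER_ACL = {
    "billing": {
        "groups": {"data-eng": "writer", "analysts": "viewer"},
        "users": {"bob": "admin", "dave": "viewer"},
    },
}


def top_level_folder(item_path):
    """Return the first path segment, which is where permissions are enforced."""
    return item_path.strip("/").split("/", 1)[0]


def effective_role(user, item_path):
    """Resolve a user's role on an item via its top-level folder.

    Assumption: when several grants apply, the most permissive one wins.
    """
    acl = FOLDER_ACL.get(top_level_folder(item_path))
    if acl is None:
        return None
    grants = []
    if user in acl["users"]:
        grants.append(acl["users"][user])
    for group, role in acl["groups"].items():
        if user in GROUP_MEMBERS.get(group, set()):
            grants.append(role)
    return max(grants, key=RANK.__getitem__, default=None)


def direct_user_grants():
    """List (folder, user, role) grants that bypass groups, for review."""
    return sorted(
        (folder, user, role)
        for folder, acl in FOLDER_ACL.items()
        for user, role in acl["users"].items()
    )
```
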
Instance Groups
Instance groups are automatically managed through SCIM (System for Cross-domain Identity Management) integration with identity providers like Okta or Azure Active Directory. They operate at the instance level across multiple workspaces and eliminate manual group provisioning. Instance groups can receive instance-level roles (superadmin or devops), with the highest role taking precedence when users belong to multiple groups.