Dosu uses role-based access control (RBAC) at the organization level, with additional access rules for each integration.
Note: Custom RBAC policies are available on the Enterprise plan. The standard role system described below is available on all plans.
Dosu App Roles
Dosu organizations have three roles:
- Owner: Full control over the organization, including the ability to delete it. Each organization has one owner.
- Admin: Can invite and manage members, manage deployments and data sources, and view billing.
- Member: Can view deployments, data sources, and interact with Dosu features. Cannot manage team members or billing.
You need a Dosu account to manage your organization's knowledge base, whether reviewing documentation, approving drafts, or configuring deployments. You do not need a Dosu account to interact with Dosu on Slack or GitHub; those integrations work for anyone in the connected workspace or repository.
How Users Join Organizations
Users can become organization members in two ways:
- Manual invitation: Admins can invite users by email. Invited users receive the role assigned by the Admin at the time of invitation.
- Domain-based autojoin (Enterprise): Enterprise accounts can enable domain-based autojoin. When enabled, newly created users who sign up with an email address matching one of the organization's configured domains are automatically added to the organization.
User experience flow:
- Autojoin evaluation: Autojoin is evaluated during OAuth callbacks (social login) and password login flows. It only applies to newly created accounts (within 90 seconds of account creation), not to existing users with matching email domains.
- Role assignment: Role assignment follows this priority:
  - If a pending invitation exists for the user's email, the user receives the role specified in that invitation (the invitation is then consumed).
  - If no pending invitation exists, the user receives the default Member role.
- Onboarding completion: The user's onboarding is automatically marked as complete.
- Organization switching: Upon successful autojoin, the user is immediately redirected to the organization, providing seamless access without manual navigation.
Domain-based autojoin streamlines onboarding for enterprise customers with company email addresses. Admins retain full control to manage all members—including those who joined via autojoin—and can change roles or remove members as needed.
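A minimal model of the autojoin rules described above, useful for reasoning about who ends up in an organization and with which role. This is an added illustration, not Dosu's own code: the `Org` structure, the function names, the lowercase-email keys and the exact-domain matching rule are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# The 90-second window and the Member default come from the text above.
NEW_ACCOUNT_WINDOW = timedelta(seconds=90)
DEFAULT_ROLE = "Member"


@dataclass
class Org:  # hypothetical structure for this example
    autojoin_enabled: bool
    domains: set                                          # configured autojoin domains
    pending_invites: dict = field(default_factory=dict)   # lowercase email -> role
    members: dict = field(default_factory=dict)           # lowercase email -> role


def email_domain(email: str) -> str:
    # Assumption: exact, case-insensitive match on the part after the last "@",
    # so "sub.example.com" does not match a configured "example.com".
    return email.rsplit("@", 1)[-1].strip().lower()


def evaluate_autojoin(org: Org, email: str, created_at: datetime,
                      now: datetime) -> Optional[str]:
    """Return the role granted by autojoin, or None when autojoin does not apply."""
    email = email.strip().lower()
    if not org.autojoin_enabled:
        return None
    # Only newly created accounts qualify, not existing users with a matching domain.
    age = now - created_at
    if age < timedelta(0) or age > NEW_ACCOUNT_WINDOW:
        return None
    if email_domain(email) not in org.domains:
        return None
    # A pending invitation takes priority over the default role and is consumed.
    role = org.pending_invites.pop(email, DEFAULT_ROLE)
    org.members[email] = role
    return role
```

The invitation branch is the one to review: a pending Admin invitation combined with autojoin grants Admin at first login, so stale invitations are worth revoking.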
GitHub
To create a GitHub data source or deployment, you must have Triage permission or higher on the repository, or be the user who installed the Dosu GitHub App.
Read-only collaborators cannot create data sources or deployments for a repository.
Once a data source is created, all members of your Dosu organization can access its contents. If you need to restrict access to specific repositories within your organization, contact us at customer-success@dosu.dev.
Slack
Dosu can only access channels where it has been explicitly invited.
Once a Slack workspace is connected to your Dosu organization, all organization members can access data from that workspace's connected channels. Access is not filtered by individual Slack channel membership—if a channel is connected as a data source or deployment, all Dosu org members can query its contents.
Confluence
The OAuth connection determines which spaces and pages Dosu can fetch, based on the permissions of the user who authorizes the connection.
Once a Confluence workspace is connected to your Dosu organization, all organization members can access data from that workspace's connected spaces and pages. For this reason, we recommend creating a dedicated service account in Confluence with access only to the spaces you want Dosu to index, then authorizing the Dosu connection with that account.
Public Spaces
Spaces can be set to public visibility, which allows anyone (including users without a Dosu account) to view documentation and ask questions in that space. Public spaces are intended for open-source projects and public knowledge bases.
Data sources connected to public spaces become queryable by anyone.