Can I Provision User Roles at the Destination or Connection Level Using SCIM?

Question

I have enabled System for Cross-domain Identity Management (SCIM). Can I provision user roles at the destination or connection level using SCIM?

Environment

• Account settings
• SCIM

Answer

In our Role-Based Access Crontrol (RBAC) model, we provide a set of standard and custom roles to grant or deny access to different Fivetran resources within the Fivetran account.

The standard roles in our RBAC model allow you to manage access to Fivetran resources in a granular and hierarchical way. In Fivetran, you can create roles for the following resource types in descending hierarchical order:

• Account
• Destination
• Connection

However, it's only possible to assign user roles at one level using a SCIM configuration. As a result, Fivetran's SCIM API only supports provisioning account-level roles.

Alternatively, you can use the Fivetran REST API to assign roles at a destination or connection level. To learn more, see our add connection membership or add group membership documentation.