Role Based Access Control

Diffgram has Role Based Access Control. This means that for each project you set a role that determines access.

Custom Roles

Create custom roles

Share a project

Add user

  • Click Share in the top right, or go to the project's /settings page.
    If they have a Diffgram account, they will be added to the project instantly and receive an email alerting them. If they don't have a Diffgram account, they will receive an email with an invite to create a new account.

Revoking / removing

Requires: admin permission.
Project / Settings

  • Select the users (or api keys)
  • Click remove

Project Scope

Almost every action in the system in some way revolves around the project, either directly, or as a cascading permission. A project also controls permissions for users, files, and jobs.

A newly created project is basically an empty shell; as you work with Diffgram, more and more will be added to it and changed.

Your project_string_id is used in API calls, so do not include sensitive information in it.
After creating the project you can change the nickname if you wish; however, the project_string_id cannot be changed. Project scope is inspired by the Google Cloud project scope.

Each project is independent.
By default, a user can see no projects.

  • They can see any project they are added to.
  • Removal from project A does not affect project B

Project Roles


  • Add other admin users


  • Read, Write access to project


  • Read only access
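The project scope and role rules above, modeled as a small added example (not Diffgram's own code or API). The role names VIEWER, EDITOR and ADMIN, the class ProjectACL, and the assumptions that a project's creator starts as its admin and that sharing requires admin are all hypothetical.

```python
from enum import IntEnum

class Role(IntEnum):
    # Hypothetical names for the three levels described under Project Roles.
    VIEWER = 1   # read only access
    EDITOR = 2   # read, write access to project
    ADMIN = 3    # can also add and remove members

class ProjectACL:
    """Toy model: membership is stored per project, nothing is global."""
    def __init__(self):
        self._members = {}  # project_string_id -> {user or api key: Role}

    def create_project(self, project_string_id, creator):
        # Assumption: the creator becomes admin of the new, empty project.
        self._members[project_string_id] = {creator: Role.ADMIN}

    def allowed(self, member, project_string_id, needed):
        # Default deny: no membership entry in this project means no access.
        role = self._members.get(project_string_id, {}).get(member)
        return role is not None and role >= needed

    def visible_projects(self, member):
        return sorted(p for p, m in self._members.items() if member in m)

    def share(self, actor, project_string_id, member, role):
        # Assumption: only an admin of this project may add members.
        if not self.allowed(actor, project_string_id, Role.ADMIN):
            raise PermissionError("admin permission required")
        self._members[project_string_id][member] = role

    def remove(self, actor, project_string_id, member):
        if not self.allowed(actor, project_string_id, Role.ADMIN):
            raise PermissionError("admin permission required")
        self._members[project_string_id].pop(member, None)

def demo():
    # Constructed sample data: two projects, one owner, one invited user.
    acl = ProjectACL()
    acl.create_project("proj-a", "alice")
    acl.create_project("proj-b", "alice")
    acl.share("alice", "proj-a", "bob", Role.EDITOR)
    acl.share("alice", "proj-b", "bob", Role.VIEWER)
    acl.remove("alice", "proj-a", "bob")  # must not touch proj-b
    return acl

if __name__ == "__main__":
    acl = demo()
    print(acl.visible_projects("bob"), acl.visible_projects("carol"))
```

The same invariants (default deny, per-project isolation, admin-only membership changes) are what to check when reviewing who holds which role in each project.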

Granular Permissions

Accessing the project is just the most basic level of permission.

You can further assign specific users to specific task groups within a project.

View Existing Users

Go to project settings

Remove a User

Go to project settings

Select a user and click remove.