Groups and folders
Groups and folders are ways to manage permissions and organize items in a workspace. They are the privileged method to handle permissions in Windmill.
Recap of how permissions are given to an item (script, flow, resource, variable, schedule) in Windmill:
Folders
Folders group various items, such as scripts, flows, resources, and schedules, together and assign role-based access control permissions to groups and individual users.
Folders should represent projects, and we recommend assigning permissions to groups. You should have as many top-level folders that you have different projects/permission scopes.
Subfolders
You can have as many subfolders as you want but only the top-level folder will have permissions one can inherit from.
To use subfolders, you just need to have '/' in the last part of the path of an item, like you would do on a filesystem.
Groups
Groups of users are a way to classify users together, allowing for shared permissions within the workspace. Users within the same group (also referred to as a role) will have homogenous permissions. Users can belong to multiple groups simultaneously.
Similar to users, groups can be assigned one of three permission levels for a specific item.
- Viewer: read-only access.
- Writer: read and write access.
- Admin: read and write access, and can manage permissions and new admins.
Groups and folders together
Groups and folders work together to organize permissions and access control within your workspace. Groups can be included within folders, but folders cannot be nested within groups.
It means that if you want to allow a team to use a given resource, you can save it in a folder, and either add each member of the team as a user in the folder, or add a group containing the whole team to the folder.
For example, you are building a Slackbot and want it to use manipulate some resources. You can add the g/slack group (which is automatically created when you configure Slack on Windmill to the desired resource).
