Skip to main content
Docs
Feature Requests Onboarding Trust Center Status Page

Community

Other: Granular Connector Administrator Permissions When Using Team-Level Connector Creator Role

Answered
Anders Julton User

Add an option to modify the default behavior when assigning the Connector Creator role at the team level. Specifically:

  1. Allow organizations to configure whether team members automatically receive Connector Administrator permissions for connectors created by other team members
  2. Provide the ability to limit Connector Administrator permissions to only the specific user who created the connector, while still maintaining the team-level Connector Creator role assignment

Use Case: Our organization uses teams to efficiently manage permissions across multiple users. However, we need to maintain principle of least privilege by ensuring that only the connector creator has administrative access to their specific connectors. The current behavior forces us to choose between efficient team-based permission management and granular access control.

Business Impact: This feature would enable organizations to:

  • Maintain security best practices while leveraging team-based permission management
  • Reduce administrative overhead by avoiding individual user-level role assignments
  • Better align with compliance requirements that mandate strict access controls
  • Prevent accidental modifications to connectors by team members who shouldn't have administrative access

Please sign in to leave a comment.

Comments

2 comments

Date Votes
  • Official comment
    Meera User

    Hi Anders,

    Thank you for the detailed request and the clear explanation of your team’s needs—we really appreciate the thoughtfulness you’ve put into this.

    Fivetran’s team-based permission model was intentionally designed to help organizations scale access management efficiently by assigning permissions at the team level. In this model, all members of a team share the same set of permissions, including the ability to manage any connector created by a team member. This allows for seamless collaboration and faster onboarding, especially in larger or distributed teams.

    That said, we completely understand your goal of maintaining least-privilege access and minimizing the risk of accidental changes. To better understand the friction you're running into with the current model:

    • Do users on the same team ever need to manage each other's connectors, or is the expectation that each user should only manage what they create?

    • Have you considered using separate teams for more granular access control, or does that introduce too much overhead?

    This context will help us think through whether there's a way to evolve the permissions model to better support security-conscious orgs like yours, while still maintaining the simplicity that teams offer.

    Thanks again for sharing this - we’re always looking for ways to improve, and your feedback is invaluable.

    Best regards,
    Meera

  • Anders Julton User

    Hi Meera, and thanks for the reply.

    Users of the same team might need to manage each other's connectors, but this would be decided on a connector-by-connector basis. 

    We did consider using separate teams (as this is currently the only option), but we decided against it due to the increased management overhead.

    Regards,
    Anders