• Blog
  • Docs
  • Careers
  • Get Support
  • Contact Sales
DigitalOcean
  • Featured AI Products

    Compute

    Build, deploy, and scale cloud compute resources

    Containers and Images

    Safely store and manage containers and backups

    Managed Databases

    Fully managed resources running popular database engines

    Management and Dev Tools

    Control infrastructure and gather insights

    Networking

    Secure and control traffic to apps

    Security

    Help protect your account and resources with these security features

    Storage

    Store and access any amount of data reliably in the cloud

    Browse all products

  • AI/ML

    CMS

    Data and IoT

    Developer Tools

    Gaming and Media

    Hosting

    Security and Networking

    Startups and SMBs

    Web and App Platforms

    See all solutions

  • Community

    Documentation

    Developer Tools

    Get Involved

    Utilities and Help

  • Become a Partner

    Marketplace

  • Pricing
  • Log in
  • Sign up
  • Log in
  • Sign up

Company

  • About
  • Leadership
  • Blog
  • Careers
  • Customers
  • Partners
  • Referral Program
  • Affiliate Program
  • Press
  • Legal
  • Privacy Policy
  • Security
  • Investor Relations

Products

  • Knowledge Bases
  • GPU Droplets
  • Bare Metal GPUs
  • Inference Engine
  • Data & Learning
  • Evaluations
  • Model Library
  • Droplets
  • Kubernetes
  • Functions
  • App Platform
  • Load Balancers
  • Managed Databases
  • Spaces
  • Block Storage
  • Network File Storage
  • API
  • Uptime
  • Cloud Security Posture Management (CSPM)
  • Identity and Access Management (IAM)
  • Cloudways
  • View all Products

Resources

  • Community Tutorials
  • Community Q&A
  • CSS-Tricks
  • Write for DOnations
  • Currents Research
  • DigitalOcean Startups
  • Wavemakers Program
  • Compass Council
  • Open Source
  • Newsletter Signup
  • Marketplace
  • Pricing
  • Pricing Calculator
  • Documentation
  • Release Notes
  • Code of Conduct
  • Shop Swag

Solutions

  • AI Training GPU
  • GPU Inference
  • VPS Hosting
  • Website Hosting
  • VPN
  • Docker Hosting
  • Node.js Hosting
  • Web Mobile Apps
  • WordPress Hosting
  • Virtual Machines
  • View all Solutions

Contact

  • Support
  • Sales
  • Report Abuse
  • System Status
  • Share your ideas

Company

  • About
  • Leadership
  • Blog
  • Careers
  • Customers
  • Partners
  • Referral Program
  • Affiliate Program
  • Press
  • Legal
  • Privacy Policy
  • Security
  • Investor Relations

Products

  • Knowledge Bases
  • GPU Droplets
  • Bare Metal GPUs
  • Inference Engine
  • Data & Learning
  • Evaluations
  • Model Library
  • Droplets
  • Kubernetes
  • Functions
  • App Platform
  • Load Balancers
  • Managed Databases
  • Spaces
  • Block Storage
  • Network File Storage
  • API
  • Uptime
  • Cloud Security Posture Management (CSPM)
  • Identity and Access Management (IAM)
  • Cloudways
  • View all Products

Resources

  • Community Tutorials
  • Community Q&A
  • CSS-Tricks
  • Write for DOnations
  • Currents Research
  • DigitalOcean Startups
  • Wavemakers Program
  • Compass Council
  • Open Source
  • Newsletter Signup
  • Marketplace
  • Pricing
  • Pricing Calculator
  • Documentation
  • Release Notes
  • Code of Conduct
  • Shop Swag

Solutions

  • AI Training GPU
  • GPU Inference
  • VPS Hosting
  • Website Hosting
  • VPN
  • Docker Hosting
  • Node.js Hosting
  • Web Mobile Apps
  • WordPress Hosting
  • Virtual Machines
  • View all Solutions

Contact

  • Support
  • Sales
  • Report Abuse
  • System Status
  • Share your ideas
© 2026 DigitalOcean, LLC.Sitemap.
Product updates

Expanding DigitalOcean’s Role-Based Access Controls with custom roles

author

By Nicole Ghalwash

  • Published: June 30, 2025
  • 4 min read
<- Back to blog home

Today, we are excited to announce our latest Role-Based Access Control (RBAC) feature, custom roles. With custom roles, teams can now assign permissions to individuals that are precisely aligned with their operational and security requirements, reinforcing the principle of least privilege. This allows for more precise permission management, which helps to enhance overall infrastructure security by reducing the risk of over-privileged accounts. Custom roles give you full control over who can do what on your projects, improving the overall security of your cloud resources.

In this blog post, we will walk through what custom roles are, how they work, key features, when to use them, and how they can help your team.

What are custom roles?

Custom roles are user-defined sets of permissions that allow organizations to tailor access control to their specific needs, beyond what’s available in predefined roles. In other words, custom roles let you create your own set of permissions instead of relying only on default, predefined roles (like Viewer, Billing Viewer, etc.) that may not work for you. Now, users can define more detailed custom permissions that target specific resources and needs. For example, a user may only need read access to Droplets, but write access to Kubernetes.

Hear what a DigitalOcean customer had to say about using custom roles. This customer is a Co-founder of a revenue management company:

“Custom roles helped me bring my team onto the platform without granting blanket access. This feature helped me manage access for other users within my company, and it is an advancement towards more secure collaboration, which is crucial."

Key features of custom roles

Custom roles have three primary functions for the modern, digital-native business with multiple teams:

  • Define specific permissions

    • You can select individual permissions from the available IAM permissions that match the specific tasks a user needs to perform.

    • You can avoid granting permissions not required for a specific role, helping you maintain tighter control over your environment.

  • Control access to resources

    • Granular controls limit the actions a user can perform to very specific tasks such as read-only access or managing user roles.

    • Granular controls are implemented when the user defines a custom role with specific permissions for certain resources. These controls will apply to resources utilized in all projects.

  • Improve security and governance

    • Administrators can help make sure that users only have the permissions they need, minimizing the risk of privilege misuse or insider threats.

A revenue management company Co-founder said “DigitalOcean’s custom roles helped me bring my team onto the platform without granting blanket access. This feature helped me manage access for other users within my company, and it is an advancement towards more secure collaboration, which is crucial."

When to use custom roles vs. predefined roles

DigitalOcean recommends following the principle of least privilege by using custom roles whenever possible. But constraints like limited time or resources may restrict how much time you spend on user access management. This is where predefined roles prove to be helpful! For many common scenarios, predefined roles, like Owner, Member, Modifier, Biller, Billing Viewer, and Resource Viewer, are a quick and efficient way to assign access. If granular access control isn’t necessary, these roles—available conveniently in the cloud control panel—cover standard use cases.

Custom roles are best when predefined roles don’t align with the specific responsibilities of your team, or members of other teams that are working on a given project. For example, you might need to give a user read-only access to Droplets but write access to Kubernetes, or let someone manage App Platform while restricting access to Droplets. Since these abilities aren’t covered in predefined roles, you’d need custom roles to tailor those permissions.

How custom roles benefit your team

Custom roles offer a wealth of benefits to organizations, small and large alike. They include:

  • Operational flexibility: With custom roles, you can define roles for part-time contributors, contractors, or specialized team members without over-privileging them.

  • Better collaboration: Projects that require different teams (Engineering, Marketing, Operations) which can quickly become complex in terms of user permissions. With custom roles, you can set clear boundaries around who can access what, based on the specific responsibilities of each team member, especially in fast-growing groups.

  • Improved security and compliance: Custom roles help to enforce guardrails for sensitive actions like destroying resources or accessing billing information.

  • Principle of least privilege: A rule of thumb in the Identity and Access Management sphere, it helps reduce the chances of a security breach, reduce malware spread, and improve overall system stability and security.

Resources to get started

  • Start building with DigitalOcean today by signing up for a cloud account

  • View our RBAC product documentation to learn more about the custom roles.

  • Learn more about the power of RBAC and other Identity and Access Management products

  • Contact our sales team or connect with a DigitalOcean partner who can help advise you on architecture reviews, deployments, and other infrastructure assistance

  • Interested in migrating to DigitalOcean? Learn more here

About the author

Nicole Ghalwash
Nicole Ghalwash
Author
See author profile
See author profile

Share

  • Product Updates

Start building today

From GPU-powered inference and Kubernetes to managed databases and storage, get everything you need to build, scale, and deploy intelligent applications.
Sign up

Related Articles

Scale Faster with Managed Weaviate: Now in Public Preview on DigitalOcean
Product updates

Scale Faster with Managed Weaviate: Now in Public Preview on DigitalOcean

Waverly Swinton
  • July 9, 2026
  • 4 min read

Read more

DigitalOcean Evaluations: Production Model and Router Testing for the Inference Stack
Product updates

DigitalOcean Evaluations: Production Model and Router Testing for the Inference Stack

Grace Morgan
  • July 1, 2026
  • 3 min read

Read more

Run Codex in the cloud – DigitalOcean for Codex is now available
Product updates

Run Codex in the cloud – DigitalOcean for Codex is now available

Ari Sigal
  • June 25, 2026
  • 3 min read

Read more