Role-Based Access for C4 Diagram Sets
Use this guide to align C4 Diagram Set permissions with the standard Nodinite role model.
- Keep architecture governance consistent with existing Roles and permission sets
- Control who can create sets and create diagrams through import or BizTalk generation
- Allow maintainers to update and curate existing set content
- Restrict destructive operations to governance owners
Permission model for C4 Diagram Sets
The C4 permission set uses the same role-based model as other repository features. Rights are evaluated through assigned Roles.
| Right | Typical usage | Recommendation |
|---|---|---|
| Access | Open and read Diagram Sets and diagrams | Grant to architecture consumers |
| Create | Create new sets and add new diagrams | Grant to architecture authors |
| Modify | Edit set metadata and diagram content | Grant to maintainers |
| Delete or Hard Delete | Remove sets and content | Grant only to super users |
Example of the role-based permissions view for C4 Diagram Sets, including Access, Create, Modify, and Delete controls.
Actions that require Create rights
The following actions require Create permission in the C4 Diagram Set permission set:
- Create a new C4 Diagram Set
- Import diagrams into a set
- Generate diagrams from Integration Landscape
- Create diagrams from BizTalk when using the Add New Set from BizTalk entry point
If users can open a set but cannot perform these actions, verify that Create is set to Allow for their assigned Role.
Default role assignment on new sets
From Nodinite 7.6.0 and later, new Diagram Sets can inherit default roles through DefaultRolesInViews. This helps administrators apply a baseline access model when sets are created.
Use this together with the C4 Diagram Set permission set to avoid manual post-creation access fixes.
Next Steps
- Permission Set for C4 Diagram Sets
- Add or manage C4 Diagram Set
- Generate from Integration Landscape
- Import