By default, tasks and runbooks in Airplane have "team access" permissions—anyone on the team can access and execute. Airplane supports role-based access control, allowing you to customize which users have access.
Editing permissions is done from the UI. As an example, let's edit a task in your library. (For a guide on creating tasks, see Build a SQL task or Build a task with code).
In the "Advanced" tab, you can choose between "Team access" (default) or "Explicit permissions."
When specifying explicit permissions, you can choose users or groups to assign "roles" to. "Roles" are groups of permissions that you'll want to apply together, e.g. a "Viewer" role has all the permissions needed to read but not execute a task.
Try adding a group or user with the Requester role, and another with the Viewer role. Make sure the user isn't a Team admin, or else they'll have admin access regardless of these settings.
The Requester role allows you to make use of Airplane's approvals system. When a user has requester but not executer access, they'll see a request button.
This concludes the getting started guide to Airplane. We've covered creating tasks, views, runbooks, and more.
As you explore and build on Airplane, you'll find the rest of the documentation helpful in using various integrations and building advanced features. Be sure to check out the Documentation homepage and Resources overview.
If you have any questions or feedback, don't hesitate to reach out: firstname.lastname@example.org.