DigitalOcean announced expanded capabilities for its identity management offerings with custom roles, the newest Role-Based Access Control (RBAC) offering for its cloud platform. This offering allows customers to create roles that are specifically tailored to the job responsibilities of their team members.

As a result, custom roles allow organizations to apply the principle of least privilege, which helps to reduce security risks and strengthen the security of their cloud resources.

Custom roles can reduce security risks and improve security, governance, and compliance, while also helping to streamline access management amongst teams. These roles enable organizations to define and assign roles tailored to a team’s exact needs, reducing the risk of over-privileged access.

By creating and naming a new role – such as “Infrastructure Administrator” or “Kubernetes Read-Only” – customers can choose from a list of granular permissions, and assign the role to users. The users will inherit only the permissions specified — this is ideal when default roles may not fit a user’s exact needs.

Additional benefits for custom roles includes:

Control access to resources: Granular controls limit the actions a user can perform to very specific tasks such as read-only access or managing user roles. Granular controls are implemented when the user defines a custom role with specific permissions for certain resources.

Improve security and governance: The principle of least privilege is enforced through custom role creation, whereby administrators can limit users' access to only the permissions that they need, reducing the risk of privilege misuse or insider threats.

“With custom roles, we’re putting the power of enterprise-grade access management in the hands of our customers,” said Todd Redfoot, SVP and GM, Platform and Shared Services at DigitalOcean. “This offering gives administrators the granular control they need to balance security, compliance, and day-to-day productivity and collaboration across their entire organization.”