Skip to content

Admin and Extend

The Admin and Extend area is the customer-facing control center for access, organization boundaries, user membership, role-based permissions, and governed custom node development.

Use this area to answer questions such as:

  • Who can access this SchemAlign environment?
  • Which organizations can a user work in?
  • What level of access does a user have?
  • Which teams can create, run, or manage pipelines?
  • Who is allowed to build or manage custom nodes through Extend?

Admin responsibilities

Admin is focused on governance inside SchemAlign. It is not intended to expose infrastructure or internal deployment operations to everyday users.

Administrators use this area to manage:

  • users
  • organizations
  • organization memberships
  • role assignments
  • access boundaries between functional areas
  • impersonation or support workflows where enabled
  • Extend access for approved custom node builders

RBAC controls

Role-based access control determines what each user can see and do inside each SchemAlign organization. Access is assigned through organization memberships, so the same person can have different responsibilities in different operating boundaries.

Typical RBAC decisions include:

Control area What it governs
Environment access Whether a person can sign in and use the SchemAlign environment
Organization membership Which operating boundaries, departments, or teams the user can access
Organization role Whether the user can view, operate, edit, or administer resources inside that organization
Accounts access Whether the user can work with service accounts and connection profiles available to the organization
Storage and run output access Whether the user can inspect artifacts, logs, run history, and runtime outputs for that organization
Extend access Whether the user can create or manage approved custom node apps

Organization roles

SchemAlign uses organization-scoped roles for day-to-day access control. These roles are assigned per organization.

Organization role What the user can do
Org Viewer (org_viewer) View the organization's visible pipelines, run history, logs, and operational status.
Org Operator (org_operator) Execute pipelines for the organization and view logs, run history, and operational output.
Org Editor (org_editor) Create and edit projects for the organization.
Org Admin (org_admin) Manage RBAC within the organization, including user memberships and organization role assignments.

Access should be intentional

Organization membership and role assignment should be reviewed together. A user should only receive access to the organizations and capabilities needed for their work.

Use the smallest practical role

Most users do not need organization admin access. Assign viewer access for oversight, operator access for run execution, editor access for builders, and admin access only for users responsible for managing access within the organization.

Organization management

Organizations define security and operating boundaries in SchemAlign. They may represent full tenants, functional areas, departments, distributed IT teams, or shared/global resources.

Use organization management to:

  1. Create the organization or operating boundary.
  2. Assign users to the organization.
  3. Choose the user's organization role: org_viewer, org_operator, org_editor, or org_admin.
  4. Review which projects, pipelines, accounts, storage areas, and runtime outputs belong to that organization.
  5. Confirm who can view activity, execute pipelines, edit projects, or manage RBAC.
  6. Use global organization resources only when shared access is intentional.

This helps prevent accidental cross-access. For example, an Advancement team can manage donor-system integrations while an Admissions team manages application integrations, without exposing one area's workspace, accounts, storage, pipelines, or outputs to the other area by default.

User management

User management controls who can access SchemAlign and what they can do after signing in.

A typical user setup workflow is:

  1. Create or locate the user.
  2. Confirm the user's identity information, such as name and email address.
  3. Add the user to the appropriate organization memberships.
  4. Assign the correct organization role for each membership.
  5. Review whether the user should view, operate, edit, or administer that organization.
  6. Review access before the user begins work.
  7. Remove or adjust access when the user's responsibilities change.

For most users, organization membership matters more than broad environment-level access. Use the smallest practical access scope.

Extend

Extend is the governed area for creating and managing custom node apps.

A custom node app packages customer-specific integration logic so it can be used as an approved node inside the Workspace. This gives teams a controlled way to support specialized APIs, data formats, validation rules, routing patterns, or destination behaviors without turning unreviewed code into a normal production pipeline step.

Extend should be governed by:

  • administrative access controls
  • code and behavior review before production use
  • testing in a non-production environment when available
  • clear ownership for each custom node app
  • runtime guardrails
  • documentation for supported inputs, outputs, and expected behavior

Create an Extend app

Use this workflow when an approved technical user needs to create a custom node app.

  1. Open Admin and Extend.
  2. Go to the Extend area.
  3. Choose Create app or the equivalent action for adding a new custom node app.
  4. Give the app a clear name and description.
  5. Identify the app owner or responsible team.
  6. Define what the app is intended to do.
  7. Define the node configuration fields users will provide in the Workspace.
  8. Define the expected input and output behavior.
  9. Add or attach the custom node implementation.
  10. Test the app in a safe environment or test project.
  11. Review the app behavior, logging, and error handling.
  12. Enable the app for the intended organization or users.
  13. Document how builders should use the custom node in pipelines.

Good Extend app documentation

Each custom node app should explain:

  • what problem the node solves
  • when to use it
  • which systems or data patterns it supports
  • required configuration fields
  • optional configuration fields
  • expected inputs
  • expected outputs
  • common errors
  • ownership and support expectations

Keep extension work controlled

Custom node development can affect systems, data, and runtime safety. Restrict Extend access to authorized users and review custom node behavior before production use.