We're excited to roll out fine-grained access control today – a feature many of you have asked for. This update lets workspace owners attach approvers directly to specific views, giving you much more control over who can approve what changes in your infrastructure. It's built on top of our existing approval workflows, but now with the precision many compliance-focused teams need.
If you missed our Views announcement, here's a quick explainer: Views lets you organize your infrastructure components into collections that make sense for different users (developers, network engineers, security, etc.) or purposes. Think of them as custom perspectives on your system.
A networking engineer might need to see VPCs and subnets, while a developer cares more about application components. Views let each person focus on what matters to them. Components can live in multiple views (showing up in both the networking and application views, for example), and any changes to a component will reflect in every view.
As organizations scale with System Initiative, we've heard loud and clear that workspace-level approvals aren't always enough. Your security team might need exclusive approval rights for network changes, while your database admin should be the one approving database modifications.
For teams working in regulated environments (ISO 27001, SOC 2, HIPAA, GDPR), having these controls isn't just nice to have – it's essential for compliance. Instead of splitting your infrastructure across multiple repos or building custom approval systems, you can handle it all within SI.
We've designed fine-grained access control to be powerful yet intuitive. Here's a deeper look at how it functions:
There are two simple ways to add approvers to views:
1
in the screenshot)2
)3
)1
in the screenshot)2
in the screenshot)We've built an intelligent approval system that calculates precisely who needs to sign off on changes:
Here's what the fine-grained approval process looks like in practice. In a workspace, Paul is the owner of the workspace and has made John and Brit workspace-level approvers. The workspace has several views:
You can see, above, a complex approval requirement in progress. One of the workspace approvers needs to approve the request because there's a new view added and components changed in the default view. Paul has already provided that approval (marked as
1
in the screenshot) on behalf of the workspace approvers.
The "See the breakdown of changes" button (marked as 2
in the screenshot) gives access to the audit log with a detailed list of all changes.
Scott has been requested for approval (marked as 3
) specifically due to changes made in the networking view, where he's the designated approver.
Notice that the "Apply Change Set" button (marked as 4
) remains unavailable until all required approvals are collected. Since Scott's approval is still pending, the changes cannot yet be applied.
This multi-level approval process ensures that all the right stakeholders sign off on changes before they take effect.
Fine-grained access control is available for all users starting today. It works seamlessly with our existing Views and approval workflows. Based on your feedback, we're already planning future improvements to our permission systems.
Have questions or thoughts? Join us on Discord - I'm SI_Stack72 there, or just drop something in the #discussion channel. We'd love to hear how you're using this feature.
Paul is an engineer turned product manager who is passionate about the Continuous Delivery and DevOps movements and how they are critical in helping businesses deliver value to their customers.