Custom roles

Monte Carlo now supports custom roles, giving teams the flexibility to tailor authorization to match their organization's structure, requirements, and separation-of-duty needs.

Create custom roles via the UI (with an interactive policy builder and resolved permissions preview) or via API/YAML definitions for "IAM as code" workflows. Authorization groups now support multiple roles, so you can pair a built-in role (like Editor) with a focused custom role that overrides specific permissions. Built-in roles continue to receive new permissions automatically; your custom overrides stay in place.

Permission resolution follows a clear, predictable model: secure by default, most-specific policy wins, and deny beats allow at the same specificity level. Ready-to-use recipes are included for common patterns like restricting billing access, managing sampling data access (grant, deny, or scope to specific domains), and more.

Also included: detailed user and group management pages, a change log for auditing modifications, and comprehensive new enablement docs. Learn more: https://docs.getmontecarlo.com/docs/authorization