Skip to content

Object Access Control Lists

Prefect Cloud's Custom plan offers object-level access control lists to restrict access to specific users and service accounts within a workspace. ACLs are supported for blocks and deployments.

Organization Admins and Workspace Owners can configure access control lists by navigating to an object and clicking manage access. When an ACL is added, all users and service accounts with access to an object via their workspace role will lose access if not explicitly added to the ACL.

Viewing ACL for a deployment in the Prefect Cloud UI.

ACLs and visibility

Objects not governed by access control lists such as flow runs, flows, and artifacts will be visible to a user within a workspace even if an associated block or deployment has been restricted for that user.

See the Prefect Cloud plans to learn more about options for supporting object-level access control.