Role Creation and Management
Create a role with your desired permissions in Organization Settings > Roles tab > Add Role button. You can also edit or delete roles from that page.
Role Deletion Behavior
When a role is deleted while it is still assigned, the affected users or teams are updated according to the role assignment level:
- Organization level: The user will receive the default Organization User role.
- Project level: The user will lose access to that project and have no role in it.
- Environment level: The user will lose access to that environment and have no role in it.
Role Assignment
Roles can be assigned to users or teams:
- Organization Roles: Assigned in Organization Settings > Users or Teams tab. See Assigning Organization Roles for details.
- Project Roles: Assigned in Project Settings > Users or Teams tab. See Assigning Project Roles for details.
- Environment Roles: Assigned in the Environment page > ACCESS tab. See Assigning Environment Roles for details.
Custom Role Permissions
Deployment Permissions
| Permission | Description |
|---|---|
| Run Plans | Create an environment, redeploy & destroy - without apply (requires approval) |
| Run Applies | Create an environment, redeploy & destroy (without requiring approval), approve plans and update environment-level variables |
| Abort Deployments | Abort running deployments |
| Run Tasks | Run ad hoc commands on environments’ workspaces |
| Create VCS Environment | Create an environment without use of a template. Used in conjunction with “Run Plans” or “Run Applies” |
Environment Permissions
| Permission | Description |
|---|---|
| Edit Environment Settings | Edit Continuous Deployment, Environment Triggers, Scheduling and Drift Detection |
| Edit Environment VCS Settings | Edit IaC type, advanced settings and VCS details in Environments that are created using a VCS rather than using a template |
| View Drift Cause | View the cause of a drift in the environment |
| Archive Environment | Mark an environment as inactive (without destroying the underlying resources) |
| Lock/Unlock Environment | Lock environment, preventing changes to the underlying resources |
| Override Max TTL | Extend environments’ TTL beyond the project/organization policy |
| Override project’s max-environments policy | Allow creating more environments in a project than the project’s policy allows |
| View Environment | See environment in Environments list, view its settings, variables and logs |
| Assign roles on environment | Assign roles for environment(s) |
Project Permissions
| Permission | Description |
|---|---|
| View Project | See project in Projects list, view project settings, templates, variables and environments, within a specific project |
| Edit Project Settings | Edit Project Settings & Variables |
| Manage Project Templates | Manage which templates can be used to create environments, within a specific project |
| Create Project | Create new projects |
| Import Environments | Import existing infrastructure as env zero environments |
Organization Permissions
| Permission | Description |
|---|---|
| View Organization | View organization variables, templates and modules |
| Edit Organization Settings | Edit organization settings and variables |
| Create & Edit Templates | Create and edit templates in the organization |
| Create & Edit Modules | Create and edit modules in the organization’s private module registry |
| Create & Edit Providers | Create and edit providers in the organization’s private provider registry |
| Create Cross-Project Environment Triggers | Allow an environment in one project to trigger an environment in another project |
| View Modules | View and download modules from the organization’s private module registry |
| View Providers | View and download providers from the organization’s private providers registry |
| Create & Edit Custom Roles | Create and edit custom roles in the organization |
| View Dashboard | View the organization’s dashboard |
| Edit Dashboard | Edit the organization’s dashboard (IaC Insights only) |
| View Audit Logs | View the logs for all the events in the organization |
| Manage Billing Information | Change pricing plan and billing data |
| Move Environments | Move environments between different projects |
| Manage Credentials | Create and update credentials |
| Manage VCS Connections | Create, edit, and delete VCS connections |
Remote Backend Permissions
| Permission | Description |
|---|---|
| Read State | Read the remote state |
| Write State | Edit the remote state |
| Force Unlock Workspace | Force unlock a workspace |
| Edit Allow Remote Apply | Configure whether remote apply is allowed for the workspace |