Role Creation and Management
Create a role with your desired permissions in Organization Settings > Roles tab > Add Role button. You can also edit or delete roles from that page.
Role Deletion Behavior
When a role is deleted while it is still assigned, the affected users or teams are updated according to the level at which the role was assigned:
- Organization level: The user will receive the default Organization User role.
- Project level: The user will lose access to that project and have no role in it.
- Environment level: The user will lose access to that environment and have no role in it.
Role Assignment
Roles can be assigned to users or teams:
- Organization Roles: Assigned in Organization Settings > Users or Teams tab. See Assigning Organization Roles for details.
- Project Roles: Assigned in Project Settings > Users or Teams tab. See Assigning Project Roles for details.
- Environment Roles: Assigned in the Environment page > ACCESS tab. See Assigning Environment Roles for details.
Custom Role Permissions
Deployment Permissions
| Permission | Description |
|---|---|
| Run Plans | Create an environment, redeploy & destroy - without apply (requires approval) |
| Run Applies | Create an environment, redeploy & destroy (without requiring approval), approve plans and update environment-level variables |
| Abort Deployments | Abort running deployments |
| Run Tasks | Run ad hoc commands on environments’ workspaces |
| Create VCS Environment | Create an environment without use of a template. Used in conjunction with “Run Plans” or “Run Applies” |
Environment Permissions
| Permission | Description |
|---|---|
| Edit Environment Settings | Edit Continuous Deployment, Environment Triggers, Scheduling and Drift Detection |
| Edit Environment VCS Settings | Edit IaC type, advanced settings and VCS details in Environments that are created using a VCS rather than using a template |
| View Drift Cause | View the cause of a drift in the environment |
| Archive Environment | Mark an environment as inactive (without destroying the underlying resources) |
| Lock/Unlock Environment | Lock environment, preventing changes to the underlying resources |
| Override Max TTL | Extend environments’ TTL beyond the project/organization policy |
| Override project’s max-environments policy | Allow creating more environments in a project than a project’s policy allows |
| View Environment | See environment in Environment’s list, view its settings, variables and logs |
| Assign roles on environment | Assign roles for environment(s) |
Project Permissions
| Permission | Description |
|---|---|
| View Project | See project in Projects list, view project settings, templates, variables and environments, within a specific project |
| Edit Project Settings | Edit Project Settings & Variables |
| Manage Project Templates | Manage which templates can be used to create environments, within a specific project |
| Create Project | Create new projects |
| Import Environments | Import existing infrastructure as env zero environments |
Organization Permissions
| Permission | Description |
|---|---|
| View Organization | View organization variables, templates and modules |
| Edit Organization Settings | Edit organization settings and variables |
| Create & Edit Templates | Create and edit templates in the organization |
| Create & Edit Modules | Create and edit modules in the organization’s private module registry |
| Create & Edit Providers | Create and edit providers in the organization’s private provider registry |
| Create Cross-Project Environment Triggers | Allow an environment in one project to trigger an environment in another project |
| View Modules | View and download modules from the organization’s private module registry |
| View Providers | View and download providers from the organization’s private providers registry |
| Create & Edit Custom Roles | Create and edit custom roles in the organization |
| View Dashboard | View the organization’s dashboard |
| Edit Dashboard | Edit the organization’s dashboard (IaC Insights only) |
| View Audit Logs | View the logs for all the events in the organization |
| Manage Billing Information | Change pricing plan and billing data |
| Move Environments | Move environments between different projects |
| Manage Credentials | Create and update credentials |
| Manage VCS Connections | Create, edit, and delete VCS connections |
Remote Backend Permissions
| Permission | Description |
|---|---|
| Read State | Read the remote state |
| Write State | Edit the remote state |
| Force Unlock Workspace | Allows force-unlocking your workspace |
| Edit Allow Remote Apply | Configure whether remote apply is allowed for the workspace |