Roles
Every user has one or more roles that regulate which actions that user can execute. We have roles that are oriented towards managers, developers, operations, security, CI, and more.
Management roles
- Admin
| Role | ID | Slug | Description |
|---|---|---|---|
| Admin | 696188987 | admin | - Create and destroy resources and invite users with other roles. - Manage the organization, account or namespace. - Create, modify, and delete applications and its scopes. - Admin roles automatically include Developer permissions. |
Developer centric roles
- Developer
- Member
| Role | ID | Slug | Description |
|---|---|---|---|
| Developer | 700317756 | developer | - Manage applications in the organization, account, or namespace. - Create applications, parameters, deployments. - Can create builds, releases, scopes, and start them. - View logs, performance, metadata, and troubleshoot. - Cannot make changes at the organization or account level. - Includes Member permissions by default. |
| Member | 704380989 | member | - Read-only access to resources. - Can view organization, account, namespace, and application information. - Included by default in all roles. - Cannot make changes. |
DevOps / Infrastructure / Security / FinOps centric roles
- Ops
- SecOps
- CI
| Role | ID | Slug | Description |
|---|---|---|---|
| Ops | 708509758 | ops | - Configure the infrastructure for the organization, account, namespace, or application. - Includes Member permissions by default. |
| SecOps | 712638527 | secops | - Configure security-related features for the organization, account, namespace, or application. - Includes Member permissions. |
| CI | 1855672260 | machine:ci | - Create builds, assets, releases, and metadata. - Includes Member permissions by default. |
Having a role on a certain resource doesn't necessarily translate into being able to execute actions on your own as your company might have configured approval flows that will be triggered upon your action. Check the Approvals section for more information.
Who's allowed to grant permissions
Granting a permission means assigning a role to a user on a specific Nullplatform Resource Name (NRN) and its child resources. For example, you can be assigned the Admin role on an application, namespace, account, or even the entire organization.
Users can grant permissions to other users according to the following rules:
-
Users can only grant permissions at the same or lower NRN level where they have their own grant.
-
The role being granted must be one that the granter is authorized to assign, based on the following table:
Granter Roles that can be granted Admin Admin, Member, Ops, Developer, SecOps Ops CI
Grant permissions
You can grant permissions in the following ways:
-
From the UI – Go to your Namespace view and select Team Management from the top bar's drop-down menu.
-
Using the CLI or API – Use these tools to grant permissions programmatically.
Grant removal
- Only users with the Admin role can remove grants.
- You can only remove grants at or below the NRN level where you hold the Admin role.