A role is a collection of permissions to perform specific operations. Grouping permissions into roles makes it easier to give and revoke permission to users, based on their job functions. When you assign a user to a team in the Cloud Platform user interface, you assign to them a role defining what they can and cannot do on the team’s applications and environments.
The following actions are available on the Manage > Roles page for an organization:
You can also manage roles through the Cloud Platform API.
Viewing an organization’s roles
To view the roles existing in an organization:
- Sign in to the Cloud Platform user interface.
- Click Manage in the top menu.
- Click your organization’s information card.
- Click Roles in the navigation pane.
Filtering roles
If you have many custom roles, you can filter the roles displayed on the Roles page. To filter roles, enter text in the Filter Roles field. As you type, the Roles page displays only the roles whose name matches your filter string.
Viewing a role’s permissions
You can view the permissions granted to a role by clicking View next to the role’s name. You can also view the permissions by comparing two or more roles.
Default roles
Each organization has the following default roles based on its associated entitlements:
- Administrator
- Team Lead
- Senior Developer
- Developer
- CMS user
If the allocation of permissions to these roles matches your workflow and business needs, you can use them as-is. You can also create new custom roles or edit the default roles so that their permissions work best with the way your organization runs.
You can’t edit the Administrator role; it always includes all possible permissions. An Administrator has that role for the entire organization; it isn’t limited by membership on a team. An organization’s Owner or Administrator can edit the other default roles (including changing the name of a default role) and can create, edit, and remove custom roles.
Comparing roles
You can select two or three existing roles and compare their permissions. To compare roles:
- Sign in to the Cloud Platform user interface as an organization owner or administrator.
- Click Manage in the top menu.
- Click your organization’s information card.
- Click Roles in the navigation pane.
- Select the roles you want to compare.
- Click Compare roles.
The Compare roles page displays the permissions for the roles you selected. Permissions granted to a role display a green checkbox, while permissions not granted to a role display a black lock icon.
Creating a custom role
An Owner or Administrator can create custom roles in an organization, in addition to the default roles (Administrator, Team lead, Senior developer, and Developer). A custom role can be created only if the organization includes at least one team. After you create a custom role, you can assign it to team members in the organization instead of or in addition to a default role.
To create a custom role:
- Sign in to the Cloud Platform user interface as an Owner or Administrator.
- Click Manage in the top menu.
- Click your organization’s information card.
- Click Roles in the navigation pane.
- Click Create role.
- Enter a name and description for the role.
- (Optional) Select an existing role whose permissions you want to copy as a starting point. For more information, see Copying a role.
- Select the permissions you want to give to the new custom role.
- Click Create role.
Editing a role
You can edit an existing role, including the default Team lead, Senior developer, and Developer roles, and any custom roles created for your organization. You can’t edit the Administrator or Owner roles; those users always have all possible permissions.
To edit a role:
- Sign in to the Cloud Platform user interface as an Owner or Administrator.
- Click Manage in the top menu.
- Click your organization’s information card.
- Click Roles in the navigation pane.
- Click Edit for the role you want to edit.
- Add a permission to the role by selecting its checkbox; remove a permission by clearing the checkbox for that permission. You can also copy an existing role, update it, or select all or none of the permissions.
- Click Update role.
After a role is modified, its description lists the user who last edited it.
Deleting a role
You can delete a custom role, but you cannot delete the default roles.
To delete a role:
- Sign in to the Cloud Platform user interface as an Owner or Administrator.
- Click Manage in the top menu.
- Click your organization’s information card.
- Click Roles in the navigation pane.
- Click Remove for the role you want to delete.
Copying a role
You may want to create or edit a role so it has most of the permissions of an existing role, but differs by a few permissions. While creating or editing a role, you can copy the permission set of a different existing role. To copy an existing role, select the role you want to copy from in the menu under Copy permissions from existing role. Cloud Platform sets the current role’s permissions to be the same as the other role. Make the permission modifications you want, and click Update role.
Assigning roles to users
You assign one or more roles to a user when you add or invite them to a team in the organization. A user can have different roles on different teams. You can also change the roles assigned to a user on the Members section of the Organizations > Team management page. For more information, see Managing team members.
Assigning the Administrator role to a user with a different role
To upgrade the role of an existing member to the Administrator role:
- Sign in to the Cloud Platform user interface as an Owner or Administrator.
- Click Manage in the top menu.
- Click your organization’s information card.
- Click Team Management.
- In Members, click Invite member.
- Select Administrator as the role.
- Click Continue.
- Specify the email address of the existing user who you want to assign the Administrator role.
Click Continue > Invite.
The system sends an email invite to the user. This user must accept the invitation. For such a user, the details appear twice in the team list, once as an Administrator and another as the other role they belong to.
Assigning additional roles to an existing user
To assign additional roles to an existing user:
- Sign in to the Cloud Platform user interface as an Owner or Administrator.
- Click Manage in the top menu.
- Click your organization’s information card.
- Click Team Management.
- In Members, click Edit roles corresponding to the user to whom you want to assign additional roles.
- Select the additional roles that you want to assign to the user.
- Click Continue.
- Review the details and click Save.
Assigning roles with the Cloud Platform API
The Cloud Platform API offers the following API endpoints for managing roles and teams: