A role is a collection of permissions to perform specific operations. Grouping permissions into roles makes it easier to give and revoke permission to users, based on their job functions. When you assign a user to a team in the Cloud Platform user interface, you assign to them a role defining what they can and cannot do on the team’s applications and environments.
The following actions are available on the Manage > Roles page for an organization:
The notifications API provides detailed audit logs at the organizational level, capturing all actions and events related to teams and permissions through the Cloud Platform user interface. This includes events such as team and role creation, user additions and removals, and changes to team memberships. With this feature, you can effectively audit your teams and permission changes, maintain compliance with comprehensive log requirements, and ensure FedRAMP compliance.
If you have many custom roles, you can filter the roles displayed on the Roles page. To filter roles, enter text in the Filter Roles field. As you type, the Roles page displays only the roles whose name matches your filter string.
Viewing a role’s permissions
You can view the permissions granted to a role by clicking View next to the role’s name. You can also view the permissions by comparing two or more roles.
Default roles
Note
You cannot delete a custom role when an invite for that role is pending. The invite must be removed before the role can be deleted.
You may want to create or edit a role so it has most of the permissions of an existing role, but differs by a few permissions. While creating or editing a role, you can copy the permission set of a different existing role. To copy an existing role, select the role you want to copy from in the menu under Copy permissions from existing role. Cloud Platform sets the current role’s permissions to be the same as the other role. Make the permission modifications you want, and click Update role.
Assigning roles to users
You assign one or more roles to a user when you add or invite them to a team in the organization. A user can have different roles on different teams. You can also change the roles assigned to a user on the Members section of the Organizations > Team management page. For more information, see Managing team members.
Assigning the Administrator role to a user with a different role
Working with roles and permissions
A role is a collection of permissions to perform specific operations. Grouping permissions into roles makes it easier to give and revoke permission to users, based on their job functions. When you assign a user to a team in the Cloud Platform user interface, you assign to them a role defining what they can and cannot do on the team’s applications and environments.
The following actions are available on the Manage > Roles page for an organization:
The notifications API provides detailed audit logs at the organizational level, capturing all actions and events related to teams and permissions through the Cloud Platform user interface. This includes events such as team and role creation, user additions and removals, and changes to team memberships. With this feature, you can effectively audit your teams and permission changes, maintain compliance with comprehensive log requirements, and ensure FedRAMP compliance.
If you have many custom roles, you can filter the roles displayed on the Roles page. To filter roles, enter text in the Filter Roles field. As you type, the Roles page displays only the roles whose name matches your filter string.
Viewing a role’s permissions
You can view the permissions granted to a role by clicking View next to the role’s name. You can also view the permissions by comparing two or more roles.
Default roles
Note
You cannot delete a custom role when an invite for that role is pending. The invite must be removed before the role can be deleted.
You may want to create or edit a role so it has most of the permissions of an existing role, but differs by a few permissions. While creating or editing a role, you can copy the permission set of a different existing role. To copy an existing role, select the role you want to copy from in the menu under Copy permissions from existing role. Cloud Platform sets the current role’s permissions to be the same as the other role. Make the permission modifications you want, and click Update role.
Assigning roles to users
You assign one or more roles to a user when you add or invite them to a team in the organization. A user can have different roles on different teams. You can also change the roles assigned to a user on the Members section of the Organizations > Team management page. For more information, see Managing team members.
Assigning the Administrator role to a user with a different role
Each organization has the following default roles based on its associated entitlements:
Administrator
Team Lead
Senior Developer
Developer
CMS user
If the allocation of permissions to these roles matches your workflow and business needs, you can use them as-is. You can also create new custom roles or edit the default roles so that their permissions work best with the way your organization runs.
You can’t edit the Administrator role; it always includes all possible permissions. An Administrator has that role for the entire organization; it isn’t limited by membership on a team. An organization’s Owner or Administrator can edit the other default roles (including changing the name of a default role) and can create, edit, and remove custom roles.
Common tasks and required permissions
Use the following table to identify which role, permission, or entitlement to verify for a task:
Task
Where you perform the task
What to verify
Create a Support ticket
Acquia Help Center or Cloud Platform user interface
Verify that your subscription includes Support tickets and that you have remaining Support tickets.
Verify that your Acquia account is active and associated with an Acquia organization, which is required to get assistance from Support.
Create or open a Cloud IDE
Cloud Platform user interface
Verify that Cloud IDE is available for your Cloud Platform subscription and that your role includes Cloud IDE permissions.
Remove a team member’s Cloud IDE
Cloud Platform user interface
Verify that your role includes the Manage any Cloud IDEs permission.
Install or remove SSL certificates
Cloud Platform user interface
Verify that your role includes the following applicable permissions:
Add or remove SSL certificates for non-production environments
Add or remove SSL certificates for production environments
The Compare roles page displays the permissions for the roles you selected. Permissions granted to a role display a green checkbox, while permissions not granted to a role display a black lock icon.
Creating a custom role
An Owner or Administrator can create custom roles in an organization, in addition to the default roles (Administrator, Team lead, Senior developer, and Developer). A custom role can be created only if the organization includes at least one team. After you create a custom role, you can assign it to team members in the organization instead of or in addition to a default role.
(Optional) Select an existing role whose permissions you want to copy as a starting point. For more information, see Copying a role.
Select the permissions you want to give to the new custom role.
Click Create role.
Editing a role
You can edit an existing role, including the default Team lead, Senior developer, and Developer roles, and any custom roles created for your organization. You can’t edit the Administrator or Owner roles; those users always have all possible permissions.
Add a permission to the role by selecting its checkbox; remove a permission by clearing the checkbox for that permission. You can also copy an existing role, update it, or select all or none of the permissions.
Click Update role.
After a role is modified, its description lists the user who last edited it.
Deleting a role
You can delete a custom role, but you cannot delete the default roles.
To upgrade the role of an existing member to the Administrator role:
Specify the email address of the existing user who you want to assign the Administrator role.
Click Continue > Invite.
The system sends an email invite to the user. This user must accept the invitation. For such a user, the details appear twice in the team list, once as an Administrator and another as the other role they belong to.
If this content did not answer your questions, try searching or contacting our support team for further assistance.
Each organization has the following default roles based on its associated entitlements:
Administrator
Team Lead
Senior Developer
Developer
CMS user
If the allocation of permissions to these roles matches your workflow and business needs, you can use them as-is. You can also create new custom roles or edit the default roles so that their permissions work best with the way your organization runs.
You can’t edit the Administrator role; it always includes all possible permissions. An Administrator has that role for the entire organization; it isn’t limited by membership on a team. An organization’s Owner or Administrator can edit the other default roles (including changing the name of a default role) and can create, edit, and remove custom roles.
Common tasks and required permissions
Use the following table to identify which role, permission, or entitlement to verify for a task:
Task
Where you perform the task
What to verify
Create a Support ticket
Acquia Help Center or Cloud Platform user interface
Verify that your subscription includes Support tickets and that you have remaining Support tickets.
Verify that your Acquia account is active and associated with an Acquia organization, which is required to get assistance from Support.
Create or open a Cloud IDE
Cloud Platform user interface
Verify that Cloud IDE is available for your Cloud Platform subscription and that your role includes Cloud IDE permissions.
Remove a team member’s Cloud IDE
Cloud Platform user interface
Verify that your role includes the Manage any Cloud IDEs permission.
Install or remove SSL certificates
Cloud Platform user interface
Verify that your role includes the following applicable permissions:
Add or remove SSL certificates for non-production environments
Add or remove SSL certificates for production environments
The Compare roles page displays the permissions for the roles you selected. Permissions granted to a role display a green checkbox, while permissions not granted to a role display a black lock icon.
Creating a custom role
An Owner or Administrator can create custom roles in an organization, in addition to the default roles (Administrator, Team lead, Senior developer, and Developer). A custom role can be created only if the organization includes at least one team. After you create a custom role, you can assign it to team members in the organization instead of or in addition to a default role.
(Optional) Select an existing role whose permissions you want to copy as a starting point. For more information, see Copying a role.
Select the permissions you want to give to the new custom role.
Click Create role.
Editing a role
You can edit an existing role, including the default Team lead, Senior developer, and Developer roles, and any custom roles created for your organization. You can’t edit the Administrator or Owner roles; those users always have all possible permissions.
Add a permission to the role by selecting its checkbox; remove a permission by clearing the checkbox for that permission. You can also copy an existing role, update it, or select all or none of the permissions.
Click Update role.
After a role is modified, its description lists the user who last edited it.
Deleting a role
You can delete a custom role, but you cannot delete the default roles.
To upgrade the role of an existing member to the Administrator role:
Specify the email address of the existing user who you want to assign the Administrator role.
Click Continue > Invite.
The system sends an email invite to the user. This user must accept the invitation. For such a user, the details appear twice in the team list, once as an Administrator and another as the other role they belong to.
Cloud Platform