Information for: DEVELOPERS   PARTNERS

Working with roles and permissions

A role is a collection of permissions to perform specific operations. Grouping permissions into roles makes it easier to give and revoke permission to users, based on their job functions. When you assign a user to a team in the Cloud Platform user interface, you assign to them a role defining what they can and can’t do on the team’s applications and environments.

On the Manage > Roles page of the Cloud Platform user interface, the following actions are available:

You can also manage roles through the Cloud Platform API.

Viewing an organization’s roles

To view the roles existing in an organization, complete the following steps:

  1. Sign in to Cloud Platform.
  2. Click Manage in the top menu.
  3. In your organization’s information card, click Manage.
  4. On the Organizations page, click Roles in the left menu.

Select the Roles tab from the left menu

Filtering roles

If you have many custom roles, you can filter the roles displayed on the Roles page. To filter roles, enter text in the Filter Roles field. As you type, the Roles page displays only the roles whose name matches your filter string.

Viewing a role’s permissions

You can view the permissions granted to a role by clicking View next to the role’s name. You can also view the permissions by comparing two or more roles.

Default roles

By default, all organizations have four roles:

  • Administrator
  • Team lead
  • Senior developer
  • Developer

If the allocation of permissions to these roles matches your workflow and business needs, you can use them as-is. You can also create new custom roles or edit the default roles so that their permissions work best with the way your organization runs.

You can’t edit the Administrator role; it always includes all possible permissions. An Administrator has that role for the entire organization; it isn’t limited by membership on a team. An organization’s Owner or Administrator can edit the other default roles (including changing the name of a default role) and can create, edit, and remove custom roles.

Comparing roles

You can select two or three existing roles and compare their permissions. To compare roles:

  1. Sign in to Cloud Platform as an organization owner or administrator.
  2. Select your organization and then click Teams in the top menu.
  3. On the Organizations page, click Roles in the left menu.
  4. Select the roles you want to compare.
  5. Click Compare roles.

The Compare roles page displays the permissions for the roles you selected. Permissions granted to a role display a green checkbox, while permissions not granted to a role display a black lock icon.

Comparing roles

Creating a custom role

An Owner or Administrator can create custom roles within an organization, in addition to the default roles (Administrator, Team lead, Senior developer, and Developer). A custom role can be created only if the organization includes at least one team. Once you create a custom role, you can assign it to team members in the organization instead of or in addition to a default role. To create a custom role, complete the following steps:

  1. Sign in to Cloud Platform as an Owner or Administrator.
  2. Click Manage in the top menu.
  3. In your organization’s information card, click Manage.
  4. On the Organizations page, click Roles in the left menu.
  5. Click Create role.
  6. Enter a name and description for the role.
  7. Optionally, select an existing role whose permissions you want to copy as a starting point. See Copying a role.
  8. Select the permissions you want to give to the new custom role.
  9. Click Create role.

Editing a role

You can edit an existing role, including the default Team lead, Senior developer, and Developer roles, and any custom roles created for your organization. You can’t edit the Administrator or Owner roles; those users always have all possible permissions.

To edit a role:

  1. Sign in to Cloud Platform as an Owner or Administrator.

  2. Click Manage in the top menu.

  3. In your organization’s information card, click Manage.

  4. On the Organizations page, click Roles in the left menu.

  5. Click Edit for the role you want to edit.

    Editing a role

  6. Add a permission to the role by selecting its checkbox; remove a permission by clearing the checkbox for that permission. You can also copy an existing role, then change it, or select all or none of the permissions.

  7. Click Update role.

After a role has been modified, its description lists the user who last edited it.

Deleting a role

You can delete a custom role, but you can’t delete the default roles.

Note

You can’t delete a custom role when an invite for that role is pending. The invite must be removed before the role can be deleted.

To delete a role:

  1. Sign in to Cloud Platform as an Owner or Administrator.
  2. Click Manage in the top menu.
  3. In your organization’s information card, click Manage.
  4. On the Organizations page, click Roles in the left menu.
  5. Click Remove for the role you want to delete.

Copying a role

You may want to create or edit a role so it has most of the permissions of an existing role, but differs by a few permissions. While creating or editing a role, you can copy the permission set of a different existing role. To copy an existing role, select the role you want to copy from in the menu under Copy permissions from existing role. Cloud Platform sets the current role’s permissions to be the same as the other role. Make the permission modifications you want, then click Update role.

Assigning roles to users

You assign one or more roles to a user when you add or invite them to a team in the organization. A user can have different roles on different teams. You can also change the roles assigned to a user on the Members section of the Organizations > Team management page. For more information, see Managing team members.

Assigning roles with the Cloud Platform API

The Cloud Platform API offers the following API endpoints for managing roles and teams: