Roles & Permissions
Roles
User — works inside projects they have been invited to. Access is scoped to the projects a person has been invited to.
Organization Admin — full control over the organisation.
Infrastructure Admin — focused on infra management.
FinOps Admin — focused on cost and usage..
Project Admin — a per-project elevation rather than an organisation role.
A person can hold Infrastructure and FinOps together, but Organization Admin is all-encompassing and is always granted on its own. See Managing Admins for how roles are assigned.
Permissions table
| Area | Capability | User | Org Admin | Infrastructure | FinOps | Project Admin |
|---|---|---|---|---|---|---|
| Experiments | Trigger experiments (commit or CLI) | ✓ | ✓ | ✓ | ||
| View experiments and logs | ✓ | ✓ | ✓ | |||
| Cancel, resubmit and archive experiments | ✓ | ✓ | ✓ | |||
| Delete own experiments | ✓ | ✓ | ✓ | |||
| View cost and resource usage of own experiments | ✓ | ✓ | ✓ | |||
| Variables | Create, read, update and delete project variables | ✓ | ✓ | ✓ | ||
| Storage | Read project storage and buckets | ✓ | ✓ | ✓ | ||
| Access storage credentials | ✓ | ✓ | ✓ | |||
| Create and delete storage, upload files | ✓ | ✓ | ✓ | |||
| Projects | View assigned projects | ✓ | ✓ | ✓ | ||
| View own project usage and billing figures | ✓ | ✓ | ✓ | ✓ | ||
| Create projects | ✓ | |||||
| Delete a project | ✓ | ✓ | ||||
| Invite users, manage members' roles | ✓ | ✓ | ||||
| Configure VCS providers (GitHub, GitLab, etc.) | ✓ | ✓ | ||||
| Manage project storage, PVCs and labels | ✓ | ✓ | ||||
| Engines | View cloud providers connected to the organisation | ✓ | ✓ | |||
| Create, import, update and delete engines | ✓ | ✓ | ||||
| Assign engines to projects | ✓ | ✓ | ||||
| Organisation | View org-wide usage and cost (FinOps page) | ✓ | ✓ | |||
| Account | Create, read and revoke own API token | ✓ | ✓ | ✓ | ✓ | ✓ |
| Read and update own preferences (theme, currency) | ✓ | ✓ | ✓ | ✓ | ✓ |