env0's Custom Role allows you to restrict access based on predefined roles of individual users & teams within your organization. It helps ensure users access only information they need to do their jobs and prevents them from accessing information that doesn't pertain to them.
Custom Roles are only available to Business and Enterprise level customers. Click here for more details
First, create a role with your desired permissions.
This can be done in the organization settings page -> roles tab -> add role button.
You can also edit or delete roles from that page.
More On Role Deletion
When roles are deleted while being assigned the users \ team will update according to the role assignment level:
If the role assignment level is by the organization, the user will receive the default "User" role.
If the role assignment level is by the project the user will lose access to that project and have no role in it.
If the role assignment level is by the environment the user will lose access to that environment and have no role in it.
Roles can be assigned to users or to teams.
- "Organization Roles" - can be assigned on the organization settings page in the Users tab (Teams can only be assigned as a Project Role)
- "Project Roles" - can be assigned on the project setting page in either the Users or Teams tab.
- "Environment Roles" - can be assigned on the environment page in the Access tab.
More On Role Assignment
env0's RBAC is cascading, top to bottom, meaning that if a user has permission on an organization (via the role) he has that permission on every project or environment in that organization. (but not the other way around, project permissions apply for their particular projects only)
|Create an environment, redeploy & destroy - without apply (requires approval)
|Create an environment, redeploy & destroy (without requiring approval), approve plans
|Abort running deployments
|Run ad hoc commands on environments' workspaces
|Create VCS Environment
|Create an environment without use of a template. Used in conjunction with "Run Plans" or "Run Applies"
|Edit Environment Settings
|Edit Continuous Deployment, Environment Triggers, Scheduling and Drift Detection
|Mark an environment as inactive (without destroying the underlying resources)
|Lock environment, preventing changes to the underlying resources
|Override Max TTL
|Extend environments' TTL beyond the project/organization policy
|Override project's max-environments policy
|Allow creating more environments in a project than a project's policy allows
|See environment in Environment's list, view its settings, variables and logs
|Assign roles on environment
|Assign roles for environment(s)
|See project in Projects list, view project settings, templates, variables and environments, within a specific project
|Edit Project Settings
|Edit Project Settings & Variables
|Manage Project Templates
|Manage which templates can be used to create environments, within a specific project
|Create new projects
|View organization variables, templates and modules
|Edit Organization Settings
|Edit organization settings and variables
|Create & Edit Templates
|Create and edit templates in the organization
|Create & Edit Modules
|Create and edit modules in the organization's private module registry
|Create & Edit Providers
|Create and edit providers in the organization's private provider registry
|Create Cross-Project Environment Triggers
|Make an Environment's from one project, trigger an environment in another project
|View and download modules from the organization's private module registry
|View and download providers from the organization's private providers registry
|Create & Edit Custom Roles
|Create and edit custom roles in the organization
|View the organization's dashboard
|View Audit Logs
|View the logs for all the events in the organization
|Manage Billing Information
|Change pricing plan and billing data
Remote Backend Permissions
|Read the remote state
|Edit the remote state
|Force Unlock Workspace
|Allowing to force unlock your workspace
Updated 7 months ago