Custom Roles

env0's Custom Roles

env0's Custom Roles allow you to restrict access based on predefined roles of individual users & teams within your organization. They help ensure that users access only the information they need to do their jobs, and prevent them from accessing information that doesn't pertain to them.

🚧

Feature Availability

Custom Roles are only available to Business and Enterprise level customers.

Role Creation & Management

First, create a role with your desired permissions.
This can be done in the organization settings page -> roles tab -> add role button.
You can also edit or delete roles from that page.

📘

More On Role Deletion

When a role is deleted while it is still assigned, the affected users or teams are updated according to the role's assignment level:

  • If the role is assigned at the organization level, the user will receive the default "User" role.
  • If the role is assigned at the project level, the user will lose access to that project and have no role in it.
  • If the role is assigned at the environment level, the user will lose access to that environment and have no role in it.

Role Assignment

Roles can be assigned to users or to teams.

  • "Organization Roles" - can be assigned on the organization settings page in the Users tab (Teams can only be assigned as a Project Role)
  • "Project Roles" - can be assigned on the project settings page in either the Users or Teams tab.
  • "Environment Roles" - can be assigned on the environment page in the Access tab.

📘

More On Role Assignment

env0's RBAC is cascading, top to bottom: if a user has a permission on an organization (via the role), they have that permission on every project and environment in that organization. The reverse does not hold: project permissions apply to their particular projects only.
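The cascading rule above and the deletion rules under "More On Role Deletion" can be checked on paper before changing real assignments. The following is an added example, not env0 code or its API: a small model with constructed users, roles and environments. It assumes that roles from different levels combine as a union, that a project role also applies to the environments in that project, and it leaves the default "User" role's permission set empty because this page does not list it.

```python
from dataclasses import dataclass, field

DEFAULT_ORG_ROLE = "User"  # named on this page; its permission set is not, so it is empty here

@dataclass
class Rbac:  # constructed model of the rules above, not env0's API or data format
    roles: dict         # role name -> set of permission names
    env_project: dict   # environment -> owning project
    org: dict = field(default_factory=dict)      # user -> role
    project: dict = field(default_factory=dict)  # (user, project) -> role
    env: dict = field(default_factory=dict)      # (user, environment) -> role

    def effective(self, user, environment):
        """Permissions on one environment: organization, project and environment roles combined."""
        proj = self.env_project[environment]
        assigned = (self.org.get(user), self.project.get((user, proj)),
                    self.env.get((user, environment)))
        return set().union(*(self.roles[r] for r in assigned if r is not None))

    def users_with(self, permission, environment):
        """Review helper: every user whose effective permissions include `permission`."""
        users = set(self.org) | {u for u, _ in self.project} | {u for u, _ in self.env}
        return sorted(u for u in users if permission in self.effective(u, environment))

    def delete_role(self, name):
        """Role deletion as described under "More On Role Deletion"."""
        if name == DEFAULT_ORG_ROLE:
            raise ValueError("this model keeps the default role")
        del self.roles[name]
        for user, role in self.org.items():
            if role == name:
                self.org[user] = DEFAULT_ORG_ROLE  # organization level: fall back to "User"
        self.project = {k: r for k, r in self.project.items() if r != name}  # project access lost
        self.env = {k: r for k, r in self.env.items() if r != name}          # environment access lost

def sample():
    """Constructed users, roles and environments."""
    return Rbac(
        roles={"User": set(), "Deployer": {"Run Plans", "Run Applies", "View Environment"},
               "Planner": {"Run Plans", "View Environment"}},
        env_project={"prod-db": "payments", "dev-web": "sandbox"},
        org={"alice": "Deployer", "bob": "User", "carol": "User"},
        project={("bob", "payments"): "Planner"},
        env={("carol", "dev-web"): "Planner"},
    )

if __name__ == "__main__":
    m = sample()
    print(m.users_with("Run Applies", "dev-web"))  # organization role reaches every environment
    m.delete_role("Deployer")
    print(m.users_with("Run Plans", "prod-db"))
```

Running `users_with` for a sensitive permission such as "Run Applies" against each production environment shows which organization-level assignments reach further than intended.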

Custom Role Permissions

Deployment Permissions

| Permission | Description |
|---|---|
| Run Plans | Create an environment, redeploy & destroy - without apply (requires approval) |
| Run Applies | Create an environment, redeploy & destroy (without requiring approval), approve plans |
| Abort Deployments | Abort running deployments |
| Run Tasks | Run ad hoc commands on environments' workspaces |
| Create VCS Environment | Create an environment without use of a template. Used in conjunction with "Run Plans" or "Run Applies" |

Environment Permissions

| Permission | Description |
|---|---|
| Edit Environment Settings | Edit Continuous Deployment, Environment Triggers, Scheduling and Drift Detection |
| Edit VCS Settings | Edit IaC type, advanced settings and VCS details in VCS Environments |
| Archive Environment | Mark an environment as inactive (without destroying the underlying resources) |
| Lock/Unlock Environment | Lock environment, preventing changes to the underlying resources |
| Override Max TTL | Extend environments' TTL beyond the project/organization policy |
| Override project's max-environments policy | Allow creating more environments in a project than a project's policy allows |
| View Environment | See environment in Environment's list, view its settings, variables and logs |
| Assign roles on environment | Assign roles for environment(s) |

Project Permissions

| Permission | Description |
|---|---|
| View Project | See project in Projects list, view project settings, templates, variables and environments, within a specific project |
| Edit Project Settings | Edit Project Settings & Variables |
| Manage Project Templates | Manage which templates can be used to create environments, within a specific project |
| Create Project | Create new projects |

Organization Permissions

| Permission | Description |
|---|---|
| View Organization | View organization variables, templates and modules |
| Edit Organization Settings | Edit organization settings and variables |
| Create & Edit Templates | Create and edit templates in the organization |
| Create & Edit Modules | Create and edit modules in the organization's private module registry |
| Create & Edit Providers | Create and edit providers in the organization's private provider registry |
| Create Cross-Project Environment Triggers | Make an environment in one project trigger an environment in another project |
| View Modules | View and download modules from the organization's private module registry |
| View Providers | View and download providers from the organization's private provider registry |
| Create & Edit Custom Roles | Create and edit custom roles in the organization |
| View Dashboard | View the organization's dashboard |
| View Audit Logs | View the logs for all the events in the organization |
| Manage Billing Information | Change pricing plan and billing data |

Remote Backend Permissions

| Permission | Description |
|---|---|
| Read State | Read the remote state |
| Write State | Edit the remote state |
| Force Unlock Workspace | Force unlock your workspace |