Permissions and roles
Cloud Applications use role-based access control to manage who can view, modify, and operate cloud apps and their environments. Permissions are assigned via roles at the organisation level, giving you fine-grained control over what each team member can do.
Permissions
Section titled “Permissions”Each permission controls access to a specific set of Cloud Application capabilities.
Application & environment permissions
Section titled “Application & environment permissions”| Permission | Description |
|---|---|
read_applications | View cloud applications and their configuration |
write_applications | Create and update cloud applications |
delete_applications | Delete cloud applications |
read_environments | View environments and their configuration |
write_environments | Create and update environments |
delete_environments | Delete environments |
trigger_sync | Trigger a sync to non-production environments |
trigger_prod_sync | Trigger a sync to production environments |
run_command | Execute commands in an environment |
Backup permissions
Section titled “Backup permissions”| Permission | Description |
|---|---|
trigger_backup | Create a new backup of an environment |
delete_backup | Delete an existing backup |
download_backup | Download a backup archive |
Built-in roles
Section titled “Built-in roles”Cloud Applications ship with five built-in roles that cover the most common team structures. Each role bundles the permissions listed above into a sensible default.
| Permission | Organization Owner | Organization Admin | Cloud App Manager | Cloud App Developer | Cloud App Read Only |
|---|---|---|---|---|---|
read_applications | ✅ | ✅ | ✅ | ✅ | ✅ |
write_applications | ✅ | ✅ | ✅ | ✅ | |
delete_applications | ✅ | ✅ | ✅ | ||
read_environments | ✅ | ✅ | ✅ | ✅ | ✅ |
write_environments | ✅ | ✅ | ✅ | ✅ | |
delete_environments | ✅ | ✅ | ✅ | ||
trigger_sync | ✅ | ✅ | ✅ | ✅ | |
trigger_prod_sync | ✅ | ✅ | ✅ | ||
run_command | ✅ | ✅ | ✅ | ✅ | |
trigger_backup | ✅ | ✅ | ✅ | ✅ | |
delete_backup | ✅ | ✅ | ✅ | ||
download_backup | ✅ | ✅ | ✅ | ✅ | ✅ |
Role summary
Section titled “Role summary”- Organization Owner — Full access to all cloud application features
- Organization Admin — Full access to all cloud application features
- Cloud App Manager — Can create, update, and delete applications and environments, trigger syncs (including production), and manage backups
- Cloud App Developer — Can view and update applications and environments, trigger non-production syncs, run commands, and create/download backups, but cannot delete applications, environments, or backups, or trigger production syncs
- Cloud App Read Only — Can view applications, environments, and download backups, but cannot make any changes
Assigning roles
Section titled “Assigning roles”Navigate to Team in the dashboard sidebar. Add team members and assign the appropriate role. Members inherit permissions from their role — there is no need to configure individual permissions manually.
Next steps
Section titled “Next steps”- Team management — Manage team members and organisation-level roles
- Studio permissions — View Studio-specific permissions and roles