Configuring Permissions

The Permissions tab lets admins define exactly what each role can do by assigning or removing specific permissions.

Permission Format

All permissions follow the format: resource:action

Examples:

  • project.create — Create new projects
  • project.edit — Modify existing projects
  • project.delete — Delete projects
  • workspace.create — Create new workspaces
  • workspace.edit — Modify workspaces
  • workspace.delete — Delete workspaces
  • terraform.init — Run terraform init
  • terraform.validate — Run terraform validate
  • terraform.plan — Run terraform plan
  • terraform.apply — Run terraform apply
  • terraform.destroy — Run terraform destroy
  • terraform.preview — Generate architecture graph
  • app-credentials.create — Create app credentials
  • app-credentials.edit — Edit app credentials
  • app-credentials.delete — Delete app credentials
  • app-credentials.view — View credential details
  • cloud-provider-credentials.* — All cloud credential actions
  • access-management.users.view — View user list
  • access-management.users.edit — Edit user access
  • access-management.requests.approve — Approve/reject requests

Configuring Permissions for a Role

  1. Go to the Permissions tab in Access Management
  2. Select a role to configure
  3. The current permissions for the role are shown
  4. To add a permission: Select it from the available permissions list and click 'Add'
  5. To remove a permission: Find it in the current permissions list and click 'Remove'
  6. Changes take effect immediately for all users with that role

Admin Role

  • The Admin role has wildcard permission (*)
  • This means admins can do everything without needing individual permissions
  • The wildcard cannot be removed from Admin (to prevent lockout)

Best Practices

  • Follow the principle of least privilege: Give users only the permissions they need
  • Create custom roles for specific team functions (e.g., 'Terraform Operator' with plan and apply permissions)
  • Review permissions quarterly to remove unnecessary access
  • Permission changes are logged and tracked in the Activity Stream
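
The quarterly review can be scripted against an export of role assignments. The following is an added example, not part of the product or its documentation: the export shape, the `REQUIRED` baseline, the `HIGH_RISK` list and the wildcard matching rule are assumptions, the sample data is constructed, and permission names use the dotted form from the list above.

```python
# Added example: least-privilege review over exported role permissions.
# Assumed wildcard semantics: "*" grants everything, "prefix.*" grants
# every permission under that prefix. Not the product's own code.

# Actions this example treats as high-risk (a reviewer's assumption).
HIGH_RISK = {
    "terraform.apply", "terraform.destroy", "project.delete",
    "workspace.delete", "app-credentials.delete",
    "access-management.users.edit", "access-management.requests.approve",
}

def grants(granted, requested):
    """True if one granted permission string covers the requested one."""
    if granted == "*":
        return True
    if granted.endswith(".*"):
        return requested.startswith(granted[:-1])  # keep the trailing dot
    return granted == requested

def allowed(perms, requested):
    return any(grants(p, requested) for p in perms)

def review(roles, required):
    """Return (role, permission, finding) for grants beyond the baseline."""
    findings = []
    for role in sorted(roles):
        if role == "Admin":  # the Admin wildcard cannot be removed
            continue
        baseline = required.get(role, [])
        for perm in roles[role]:
            if perm == "*" or perm.endswith(".*"):
                findings.append((role, perm, "wildcard"))
            elif not allowed(baseline, perm):
                kind = "excess-high-risk" if perm in HIGH_RISK else "excess"
                findings.append((role, perm, kind))
    return findings

# Constructed sample export: what each role currently holds.
ROLES = {
    "Admin": ["*"],
    "Terraform Operator": ["terraform.plan", "terraform.apply",
                           "terraform.destroy", "workspace.edit"],
    "Credential Manager": ["cloud-provider-credentials.*", "app-credentials.view"],
}
# Constructed baseline: what each team function actually needs.
REQUIRED = {
    "Terraform Operator": ["terraform.plan", "terraform.apply"],
    "Credential Manager": ["app-credentials.view"],
}

if __name__ == "__main__":
    for finding in review(ROLES, REQUIRED):
        print(*finding, sep="\t")
```

Each finding is a candidate for the 'Remove' step described above; wildcard grants on non-Admin roles are listed separately because they also cover any permissions added later.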