Learn how to manage Users with Roles in Humanitec.
Introduction
Humanitec allows developers in your team or from across your Organization to collaborate on tasks related to delivering software. Users can be invited to join an Organization in Humanitec. They can sign in using their existing GitHub or Google accounts. Users can work on specific Apps with permissions to perform certain actions such as Deploy to Production based on Roles that are granted by Organization Administrators and Managers.
Managing access with Roles
Humanitec uses Roles to assign privileges to Users in a system. Roles encapsulate the granular permissions that a User will need in order to perform certain tasks associated with their job. Each User can have Roles in specific Organizations, Applications, and Environment Types.
Example
A User with the Developer Role is able to update the configuration for an App the User has access to. But the User cannot delete the App.
A User with the Viewer Role will not be able to make updates to the configuration.
Organization Roles
Organization Roles cover permissions that affect the entire Organization in Humanitec. This includes User Management, API Tokens, Images, Resources, and Apps.
Role
Description
Member
Can access Apps they have a Role for.
Manager
Same as the Member Role. In addition, can invite and remove Users from the Organization in Humanitec, issue API Tokens, and create Apps.
Administrator
Has full access to everything within the Organization in Humanitec.
Notes
The User who originally created the Organization will have the Administrator Role by default.
There must always be at least one User in the Organization with the Administrator Role.
The Administrator is the only Role that can update Resources.
Inviting Users to an Organization
An Organization Administrator or Manager (see Organization Roles) can invite new users to join an existing Organization in Humanitec. An invitation involves sending an email that contains a one-time link that the invited User can follow to associate either their GitHub or Google account with the Organization in Humanitec. The link will expire after 7 days. If the link has expired before a User has accepted the invite, a new invite can be sent.
Users can be invited to an existing Organization from the Organization Settings. Note that only Organization Administrators and Managers can invite users.
1.
Select Organization settings from the top right dropdown menu.
2.
In Organization Settings, select the Organization members tab.
3.
Add the email address of the User to invite in the Email text box on the left hand side.
4.
Select a role for the User to invite from the Role dropdown on the right hand side. Be aware that you will only have the option to invite Administrators to your Organization if you are an Administrator yourself.
5.
Click the Send invite button.
Add new organization members
Application Roles
Application Roles cover permissions that affect a specific App.
Role
Description
Viewer
Has read-only access to the App.
Developer
Can update Configuration, Shared Values and Secrets, and create Environments.
Owner
Same as the Developer Role, but can additionally configure Webhooks, invite and remove Users from the App, and delete the App.
Notes
The User who originally created the App will have the Owner Role by default.
Developer and Owner Roles can only create or deploy to Environments with the Environment Type they have the Deployer Role for.
An Owner will not be able to delete an App unless they have the Deployer Role for all the Environment Types used in the App.
Adding Users to an Application
Application Roles can be managed in the App Settings Screen. Note that only Organization Administrators and App Owners can grant Application Roles.