Role-Based Access Control (RBAC)

Search…
Learn how to manage Users with Roles in Humanitec.
Introduction
Humanitec allows developers in your team or from across your Organization to collaborate on tasks related to delivering software. Users can be invited to join an Organization in Humanitec. They can sign in using their existing GitHub or Google accounts. Users can work on specific Apps with permissions to perform certain actions such as Deploy to Production based on Roles that are granted by Organization Administrators and Managers.
Managing access with Roles
Humanitec uses Roles to assign privileges to Users in a system. Roles encapsulate the granular permissions that a User will need in order to perform certain tasks associated with their job. Each User can have Roles in specific Organizations, Applications, and Environment Types.
Example
A User with the Developer Role is able to update the configuration for an App the User has access to. But the User cannot delete the App.
A User with the Viewer Role will not be able to make updates to the configuration.
Organization Roles
Organization Roles cover permissions that affect the entire Organization in Humanitec. This includes User Management, API Tokens, Images, Resources, and Apps.
Role
Description
Member
Can access Apps they have a Role for.
Manager
Same as the Member Role. In addition, can invite and remove Users from the Organization in Humanitec, issue API Tokens, and create Apps.
Administrator
Has full access to everything within the Organization in Humanitec.
Notes
The User who originally created the Organization will have the Administrator Role by default.
There must always be at least one User in the Organization with the Administrator Role.
The Administrator is the only Role that can update Resources.
Inviting Users to an Organization
An Organization Administrator or Manager (see Organization Roles) can invite new users to join an existing Organization in Humanitec. An invitation involves sending an email that contains a one-time link that the invited User can follow to associate either their GitHub or Google account with the Organization in Humanitec. The link will expire after 7 days. If the link has expired before a User has accepted the invite, a new invite can be sent.
Users can be invited to an existing Organization from the Organization Settings. Note that only Organization Administrators and Managers can invite users.
UI
CLI
API
Select Organization settings from the Organization menu.
In Organization Settings, select the Organization members tab.
Add the email address of the User to invite in the Email text box on the left hand side.
Select a role for the User to invite from the Role dropdown on the right hand side. Be aware that you will only have the option to invite Administrators to your Organization if you are an Administrator yourself.
Click the Send invite button.
Add new organization members
Our CLI is currently in closed beta. Please contact us if you want to learn more.
Users can be invited to an Organization via the Invitations endpoint.
Application Roles
Application Roles cover permissions that affect a specific App.
Role
Description
Viewer
Has read-only access to the App.
Developer
Can update Configuration, Shared Values and Secrets, and create Environments.
Owner
Same as the Developer Role, but can additionally configure Webhooks, invite and remove Users from the App, and delete the App.
Notes
The User who originally created the App will have the Owner Role by default.
Developer and Owner Roles can only create or deploy to Environments with the Environment Type they have the Deployer Role for.
An Owner will not be able to delete an App unless they have the Deployer Role for all the Environment Types used in the App.
Adding Users to an App
Application Roles can be managed in the App Settings Screen. Note that only Organization Administrators and App Owners can grant Application Roles.
UI
CLI
API
Select App settings at the top of the App Details Screen.
In App Settings, scroll down to the App members section.
Select + Add members to enter the email address or name of the User to add.
Select a role for the User to add from the Role dropdown.
Click the Add button.
User Roles for existing members can be changed on the App Members list.
Add new app members
Our CLI is currently in closed beta. Please contact us if you want to learn more.
Users can be added to an App via the Apps endpoint.
Environment Type Roles
At this time, there is only one Role for Environment Types.
Role
Description
Deployer
If a User has the Developer or Owner Role of an App, they can create, deploy, and delete Environments of this Environment Type.
Notes
All Users have the Deployer Role for the default Environment Type development.
Managing Deployers for Environment Types
Environment Type Roles can be managed from the Organization Settings. Note that only Organization Administrators can grant Environment Type Roles.
1.Select Organization settings from the Organization menu.
2.In Organization Settings, select the Environment Types tab.
3.Select the Deployers button on the Environment Type you would like to configure. This will open a configuration pop up.
4.On the pop up, add the email address or name of the User you would like to add as a Deployer.
5.Click the Done button.
Manage deployers for Environment Types
Guides - Previous
Manage Users & Permissions
Manage API Tokens
Last modified 3mo ago
Copy link
On this page
Introduction
Managing access with Roles
Example
Organization Roles
Notes
Inviting Users to an Organization
Application Roles
Notes
Adding Users to an App
Environment Type Roles
Notes
Managing Deployers for Environment Types