Start Building for Free
CircleCI.comAcademyBlogCommunitySupport

Roles and permissions

2 months ago2 min read
Cloud
On This Page

Manage user access to organizations and projects with CircleCI roles and associated permissions. By default, users can access projects based on roles set at an organization level. For more granular control, you can assign roles at the project level. Manage roles for groups of users with groups.

Quickstart

For instructions on managing roles and permissions, see the Manage roles and permissions page. For more information on managing project roles for groups of users, see the manage-groups page.

Organization role permissions matrix

The table below shows the permissions associated with each CircleCI organization role:

ACTIONSORGANIZATION ROLES

Admin

Contributor

Viewer

Organization

Create namespace

Manage namespace

View org settings

Manage org settings

View org access

Manage org access

View org credentials

View org policies

Manage org policies

View org connections

Manage org connections

Manage org credentials

View org audit logs

View plan

Manage plan

Insights

View org insights

Runner

View runners

Manage runners

Projects

View projects

Create projects

Manage project settings

Contexts

View contexts

Use contexts

Edit context variables

Manage contexts

Orbs

Create/update orb

View private orb

Publish dev orb

Publish orb

Webhooks

View org webhooks

Manage org webhooks

View project webhooks

Manage project webhooks

Schedule

View schedule

Edit schedule

Triggers

View triggers

Trigger build

Edit triggers

Config sources

View config sources

Edit config sources

Releases

Create release environment

Delete release environment

View release environment

Create environment token

Revoke environment token

List environment token

View components

View releases

Project role permissions matrix

The table below shows the permissions associated with each CircleCI project role:

ACTIONSPROJECT ROLES

Admin

Contributor

Viewer

Projects

View projects

View project access

View project credentials

Manage project

Webhooks

View project webhooks

Manage project webhooks

Schedule

View schedule

Edit schedule

Triggers

View triggers

Trigger build

Edit triggers

Contexts

View contexts

Use contexts

Edit context variables

Manage contexts

Config sources

View config sources

Edit config sources

Releases

Restore component version

Restart component

Scale component

Cancel release

Promote release steps

Retry release

Permissions scope

Your CircleCI roles and associated permissions are not derived from the permissions set in your VCS (version control system). Your CircleCI role permissions do not allow you to bypass permissions in the VCS.

For example, you may be an Organization Administrator within CircleCI, which gives you access to view and modify organization and project settings within your CircleCI organization. However, you will not be able to edit a project’s .circleci/config.yml hosted in your VCS without your user also having the write permissions within that VCS’s repository project. Your CircleCI user’s VCS permissions are determined by its associated VCS identity.

Role hierarchy across groups and individuals

Users can have roles assigned to them both individually and as part of a group. The highest role always applies. For example, if a user has the role of admin assigned for a project, and that user is also part of a group with the role of contributor for the project, the user will still have admin permissions for the project.


Suggest an edit to this page

Make a contribution
Learn how to contribute