Organization Members
You can invite someone to join your organization by email. Once they accept the invitation, they will have access to the organization and all its projects based on their assigned role.Accessing Members Settings
1
Open Organization Settings
Click the Wheel button (⚙️) on the left navigation bar
2
Navigate to Members Section
Open the Members section within the organization settings
Inviting Members
- Click the Invite Member button
- Enter the member’s email address
- Select a role (see Default Roles below)
- Click Send Invitation
Changing the role of a member requires the user to logout/login to make the changes effective or wait a few minutes (max 1 hour).
Default Roles
Qovery provides 5 default roles with predefined permissions:Owner
The user has full access to the organization. Only one user can be the owner of the organization.Admin
Same as the owner, the user has full access to the organization but cannot delete it.DevOps
The user can manage the organization infrastructure (clusters/registry/webhook setup) and manage the deployments of any environment within the organization.Billing Manager
The user can only manage the billing of the organization.Viewer
The user has read-only access to any section of the organization.Permissions Matrix
| Action | Owner | Admin | DevOps | Billing Manager | Viewer |
|---|---|---|---|---|---|
| Read organization | yes | yes | yes | yes | yes |
| Edit organization | yes | yes | no | no | no |
| Delete organization | yes | no | no | no | no |
| Manage billing | yes | yes | no | yes | no |
| Manage members & roles | yes | yes | no | no | no |
| Manage cluster & container registry | yes | yes | yes | no | no |
| Manage organization setup | yes | yes | yes | no | no |
| Read ANY project | yes | yes | yes | no | yes |
| Edit/Delete ANY project | yes | yes | no | no | no |
| Create project | yes | yes | no | no | no |
| Read ANY environment | yes | yes | yes | no | yes |
| Edit/Delete ANY environment or service | yes | yes | no | no | no |
| Create environment or service | yes | yes | no | no | no |
| Add/Edit/Delete environment variables and secrets | yes | yes | yes | no | no |
| Deploy/Stop ANY environment or service | yes | yes | yes | no | no |
| Connect via shell to ANY application | yes | yes | yes | no | no |
Custom Roles
You can create custom roles to fine-tune access control for your organization members. Custom roles allow you to define permissions at two levels: cluster level and project level.
Cluster Level Permissions
You can define the following permissions at the cluster level:- Read-Only: The user can access the cluster information (name, region etc..). Minimum permission level.
- Create Environment: The user can create environments on this cluster…Further environment level permissions…are managed via the ‘Project Permissions’
- Full Access: The user can create environments on this cluster and as well manage the cluster’s settings (start/stop, change number and type of nodes etc..)
Project Level Permissions
You can define permissions for each environment type (development, staging, production, preview) within a project:- No Access: The user has no access to this environment type
- Read-Only: Access in read-only to this environment type. Useful to restrict access on sensitive environments
- Deploy: Manage the deployments of this environment type, access the logs, connect via SSH
- Manage: Manage the deployments and the settings of this environment type
- Full Access: The user is admin of the project and can do everything he wants on it
Transfer Ownership
You can transfer ownership of the organization to another member. To do so:- Navigate to the Members section in organization settings
- Click on the member you want to transfer ownership to
- Select Transfer Ownership from the menu
- Confirm the transfer