The Pulumi Console offers role-based access control (RBAC) using teams. Teams allow organization admins to assign a set of stack permissions to a group of users.
Members of a team can be granted
Team admin or
Team member permissions. Team admins can add members to a
team. Both team admins and team members can grant stack access to a team. By default, any new team members will be
assigned the team member role. To change a team member’s role, use the ellipsis menu item at the end of the table row.
Creating a Team
Organization admins can add a new team by going to the organization’s Teams tab and selecting Create team. Organization members can also be granted permissions to create teams from the Access section of the organization Settings tab. Any member who creates a team will automatically be assigned the team admin role.
If your Pulumi organization is backed by GitHub, you can import your existing GitHub teams into Pulumi.
For these teams, membership is managed on GitHub, while the set of stack permissions granted to team members is managed on the Pulumi Console.
Team / Stack Permissions
Membership within a team will grant a Pulumi user a specific permission level for each
stack in the team. For example, members of
network-team may have
Stack write access to the
backend/production stack, but only
Stack read access to