1. Docs
  2. Pulumi Cloud
  3. Access management
  4. Teams & RBAC

Teams & Role-based access control (RBAC)

    Teams are only available to organizations using Pulumi Enterprise Edition and Pulumi Business Critical Edition. To learn more about editions visit the pricing page.

    The Pulumi Cloud offers role-based access control (RBAC) using teams. Teams allow organization admins to assign a set of stack permissions to a group of users.

    Creating a Team

    By default, all organization admins can create new teams.

    To create a team:

    1. Navigate to Settings > Teams.
    2. Select Create team.

    To give members permission to create teams:

    1. Navigate to Settings > Access Management.
    2. Use the toggle to turn on the Allow organization members to create teams setting.

    GitHub-based Teams

    If your Pulumi organization is backed by GitHub, you can import your existing GitHub teams into Pulumi.

    For these teams, membership is managed on GitHub, while the set of stack permissions granted to team members is managed in the Pulumi Cloud.

    Team Permissions

    By default only organization admins can create teams.

    To allow all members to create teams:

    1. Navigate to Settings > Access Management.
    2. Use the toggle to turn on the Allow organization members to create teams setting.

    Granting Access to Stacks within Teams

    Teams can be granted access to stacks, which grants all team members access to those stack based on the selected permission level.

    Editing team stacks and permissions

    Team Roles

    Members of a team can be granted Team admin or Team member permissions. Team admins can add members to a team. By default, any new team members will be assigned the team member role.

    To change a team member’s role:

    1. Navigate to Settings > Teams and then the specific team.
    2. In the Members section use the action menu item at the end of the table row and select Change role to.
      Introducing Pulumi Copilot - Intelligent Cloud Management