Teams & Role-based access control (RBAC)
The Pulumi Cloud offers role-based access control (RBAC) using teams. Teams allow organization admins to assign a set of stack permissions to a group of users.
Creating a Team
By default, all organization admins can create new teams.
To create a team:
- Navigate to Settings > Teams.
- Select Create team.
To give members permission to create teams:
- Navigate to Settings > Access Management.
- Use the toggle to turn on the Allow organization members to create teams setting.
GitHub-based Teams
If your Pulumi organization is backed by GitHub, you can import your existing GitHub teams into Pulumi.
For these teams, membership is managed on GitHub, while the set of stack permissions granted to team members is managed in the Pulumi Cloud.
Team Permissions
By default only organization admins can create teams.
To allow all members to create teams:
- Navigate to Settings > Access Management.
- Use the toggle to turn on the Allow organization members to create teams setting.
Granting Access to Stacks within Teams
Teams can be granted access to stacks, which grants all team members access to those stack based on the selected permission level.
Team Roles
Members of a team can be granted Team admin
or Team member
permissions. Team admins can add members to a
team. By default, any new team members will be assigned the team member role.
To change a team member’s role:
- Navigate to Settings > Teams and then the specific team.
- In the Members section use the action menu item at the end of the table row and select Change role to.
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.