Acquia Copilot is a conversational AI connected into our product documentation and knowledge base. Ask Copilot about product features, technical details, troubleshooting and how to get started with Acquia products.
A role is a collection of permissions to perform specific operations. Grouping permissions into roles makes it easier to give and revoke permission to users, based on their job functions. When you assign a user to a team in the Cloud Platform user interface, you assign to them a role defining what they can and cannot do on the team’s applications and environments.
The following actions are available on the Manage > Roles page for an organization:
The notifications API provides detailed audit logs at the organizational level, capturing all actions and events related to teams and permissions through the Cloud Platform user interface. This includes events such as team and role creation, user additions and removals, and changes to team memberships. With this feature, you can effectively audit your teams and permission changes, maintain compliance with comprehensive log requirements, and ensure FedRAMP compliance.
If you have many custom roles, you can filter the roles displayed on the Roles page. To filter roles, enter text in the Filter Roles field. As you type, the Roles page displays only the roles whose name matches your filter string.
Viewing a role’s permissions
You can view the permissions granted to a role by clicking View next to the role’s name. You can also view the permissions by comparing two or more roles.
Default roles
Each organization has the following default roles based on its associated entitlements:
Administrator
Team Lead
Senior Developer
Developer
CMS user
If the allocation of permissions to these roles matches your workflow and business needs, you can use them as-is. You can also create new custom roles or edit the default roles so that their permissions work best with the way your organization runs.
You can’t edit the Administrator role; it always includes all possible permissions. An Administrator has that role for the entire organization; it isn’t limited by membership on a team. An organization’s Owner or Administrator can edit the other default roles (including changing the name of a default role) and can create, edit, and remove custom roles.
Comparing roles
You can select two or three existing roles and compare their permissions. To compare roles:
The Compare roles page displays the permissions for the roles you selected. Permissions granted to a role display a green checkbox, while permissions not granted to a role display a black lock icon.
Creating a custom role
An Owner or Administrator can create custom roles in an organization, in addition to the default roles (Administrator, Team lead, Senior developer, and Developer). A custom role can be created only if the organization includes at least one team. After you create a custom role, you can assign it to team members in the organization instead of or in addition to a default role.
(Optional) Select an existing role whose permissions you want to copy as a starting point. For more information, see Copying a role.
Select the permissions you want to give to the new custom role.
Click Create role.
Editing a role
You can edit an existing role, including the default Team lead, Senior developer, and Developer roles, and any custom roles created for your organization. You can’t edit the Administrator or Owner roles; those users always have all possible permissions.
Add a permission to the role by selecting its checkbox; remove a permission by clearing the checkbox for that permission. You can also copy an existing role, update it, or select all or none of the permissions.
Click Update role.
After a role is modified, its description lists the user who last edited it.
Deleting a role
You can delete a custom role, but you cannot delete the default roles.
Note
You cannot delete a custom role when an invite for that role is pending. The invite must be removed before the role can be deleted.
You may want to create or edit a role so it has most of the permissions of an existing role, but differs by a few permissions. While creating or editing a role, you can copy the permission set of a different existing role. To copy an existing role, select the role you want to copy from in the menu under Copy permissions from existing role. Cloud Platform sets the current role’s permissions to be the same as the other role. Make the permission modifications you want, and click Update role.
Assigning roles to users
You assign one or more roles to a user when you add or invite them to a team in the organization. A user can have different roles on different teams. You can also change the roles assigned to a user on the Members section of the Organizations > Team management page. For more information, see Managing team members.
Assigning the Administrator role to a user with a different role
To upgrade the role of an existing member to the Administrator role:
Specify the email address of the existing user who you want to assign the Administrator role.
Click Continue > Invite.
The system sends an email invite to the user. This user must accept the invitation. For such a user, the details appear twice in the team list, once as an Administrator and another as the other role they belong to.
A role is a collection of permissions to perform specific operations. Grouping permissions into roles makes it easier to give and revoke permission to users, based on their job functions. When you assign a user to a team in the Cloud Platform user interface, you assign to them a role defining what they can and cannot do on the team’s applications and environments.
The following actions are available on the Manage > Roles page for an organization:
The notifications API provides detailed audit logs at the organizational level, capturing all actions and events related to teams and permissions through the Cloud Platform user interface. This includes events such as team and role creation, user additions and removals, and changes to team memberships. With this feature, you can effectively audit your teams and permission changes, maintain compliance with comprehensive log requirements, and ensure FedRAMP compliance.
If you have many custom roles, you can filter the roles displayed on the Roles page. To filter roles, enter text in the Filter Roles field. As you type, the Roles page displays only the roles whose name matches your filter string.
Viewing a role’s permissions
You can view the permissions granted to a role by clicking View next to the role’s name. You can also view the permissions by comparing two or more roles.
Default roles
Each organization has the following default roles based on its associated entitlements:
Administrator
Team Lead
Senior Developer
Developer
CMS user
If the allocation of permissions to these roles matches your workflow and business needs, you can use them as-is. You can also create new custom roles or edit the default roles so that their permissions work best with the way your organization runs.
You can’t edit the Administrator role; it always includes all possible permissions. An Administrator has that role for the entire organization; it isn’t limited by membership on a team. An organization’s Owner or Administrator can edit the other default roles (including changing the name of a default role) and can create, edit, and remove custom roles.
Comparing roles
You can select two or three existing roles and compare their permissions. To compare roles:
The Compare roles page displays the permissions for the roles you selected. Permissions granted to a role display a green checkbox, while permissions not granted to a role display a black lock icon.
Creating a custom role
An Owner or Administrator can create custom roles in an organization, in addition to the default roles (Administrator, Team lead, Senior developer, and Developer). A custom role can be created only if the organization includes at least one team. After you create a custom role, you can assign it to team members in the organization instead of or in addition to a default role.
(Optional) Select an existing role whose permissions you want to copy as a starting point. For more information, see Copying a role.
Select the permissions you want to give to the new custom role.
Click Create role.
Editing a role
You can edit an existing role, including the default Team lead, Senior developer, and Developer roles, and any custom roles created for your organization. You can’t edit the Administrator or Owner roles; those users always have all possible permissions.
Add a permission to the role by selecting its checkbox; remove a permission by clearing the checkbox for that permission. You can also copy an existing role, update it, or select all or none of the permissions.
Click Update role.
After a role is modified, its description lists the user who last edited it.
Deleting a role
You can delete a custom role, but you cannot delete the default roles.
Note
You cannot delete a custom role when an invite for that role is pending. The invite must be removed before the role can be deleted.
You may want to create or edit a role so it has most of the permissions of an existing role, but differs by a few permissions. While creating or editing a role, you can copy the permission set of a different existing role. To copy an existing role, select the role you want to copy from in the menu under Copy permissions from existing role. Cloud Platform sets the current role’s permissions to be the same as the other role. Make the permission modifications you want, and click Update role.
Assigning roles to users
You assign one or more roles to a user when you add or invite them to a team in the organization. A user can have different roles on different teams. You can also change the roles assigned to a user on the Members section of the Organizations > Team management page. For more information, see Managing team members.
Assigning the Administrator role to a user with a different role
To upgrade the role of an existing member to the Administrator role:
Specify the email address of the existing user who you want to assign the Administrator role.
Click Continue > Invite.
The system sends an email invite to the user. This user must accept the invitation. For such a user, the details appear twice in the team list, once as an Administrator and another as the other role they belong to.
Cloud Platform