For organizations not in the Team Pro plan, users ...
# general
For organizations not in the Team Pro plan, users added have the “Member” role. What are the permissions of this role? The documentation mentions the ability to set default stack permissions for an organization but that does not seem to be visible in the settings view.
The documentation mentions:
This only applies to newer organizations on the per-member subscription plan. Organizations billed per stack have slightly different rules regarding membership.
Where are the rules for organizations billed per stack?
Organizations on the per-stack plan will just have the organization membership come from the backing provider, e.g. GitHub. (So GitHub organization administrators will have the ADMIN role in Pulumi, and GitHub organization members will have the MEMBER role in Pulumi.) Users with the ADMIN role in the organization have access to all stacks. Whereas users with the MEMBER role only have the “organization’s default stack access” applied by default. (But can be granted additional permissions by their memberships in Teams, etc.)
If you are an administrator of the Pulumi organization, you can see/update the organization’s default stack permission on the “Access” page. The URL is something like:<your-org>/settings/access
What if the organization does not have a backing provider and was made with email/password login?
Also, the “Access” page seems to be a “Pro” feature but Team Starter allows up to 3 team members and new team members are added with a “Member” role
Ah, I see. Yes. For Organizations on the Team Starter plan, you cannot set more granular per-user permissions. (E.g. have Teams, etc.) Every member of the Pulumi organization with the MEMBER role will have read/write access to all stacks.
Gotcha, thanks for clarifying!
One more question, is the “Stack Deletion” option in the “Access” page relevant only for stack created by a user? What if the base permission is set to “NONE”, what does turning off “Stack Deletion” mean?