https://pulumi.com logo
#general
Title
# general
p

prehistoric-account-60014

03/02/2020, 8:49 PM
For organizations not in the Team Pro plan, users added have the “Member” role. What are the permissions of this role? The documentation mentions the ability to set default stack permissions for an organization but that does not seem to be visible in the settings view.
The documentation mentions:
This only applies to newer organizations on the per-member subscription plan. Organizations billed per stack have slightly different rules regarding membership.
Where are the rules for organizations billed per stack?
c

colossal-beach-47527

03/02/2020, 9:07 PM
Organizations on the per-stack plan will just have the organization membership come from the backing provider, e.g. GitHub. (So GitHub organization administrators will have the ADMIN role in Pulumi, and GitHub organization members will have the MEMBER role in Pulumi.) Users with the ADMIN role in the organization have access to all stacks. Whereas users with the MEMBER role only have the “organization’s default stack access” applied by default. (But can be granted additional permissions by their memberships in Teams, etc.)
If you are an administrator of the Pulumi organization, you can see/update the organization’s default stack permission on the “Access” page. The URL is something like: https://app.pulumi.com/<your-org>/settings/access
p

prehistoric-account-60014

03/02/2020, 9:21 PM
What if the organization does not have a backing provider and was made with email/password login?
Also, the “Access” page seems to be a “Pro” feature but Team Starter allows up to 3 team members and new team members are added with a “Member” role
c

colossal-beach-47527

03/02/2020, 10:12 PM
Ah, I see. Yes. For Organizations on the Team Starter plan, you cannot set more granular per-user permissions. (E.g. have Teams, etc.) Every member of the Pulumi organization with the MEMBER role will have read/write access to all stacks.
p

prehistoric-account-60014

03/02/2020, 10:38 PM
Gotcha, thanks for clarifying!
One more question, is the “Stack Deletion” option in the “Access” page relevant only for stack created by a user? What if the base permission is set to “NONE”, what does turning off “Stack Deletion” mean?
3 Views