For organizations not in the Team Pro plan, users ...
# generalp
prehistoric-account-60014
03/02/2020, 8:49 PMFor organizations not in the Team Pro plan, users added have the “Member” role. What are the permissions of this role? The documentation mentions the ability to set default stack permissions for an organization but that does not seem to be visible in the settings view.
prehistoric-account-60014
03/02/2020, 8:51 PMThe documentation mentions:
This only applies to newer organizations on the per-member subscription plan. Organizations billed per stack have slightly different rules regarding membership.Where are the rules for organizations billed per stack?
c
colossal-beach-47527
03/02/2020, 9:07 PMOrganizations on the per-stack plan will just have the organization membership come from the backing provider, e.g. GitHub. (So GitHub organization administrators will have the ADMIN role in Pulumi, and GitHub organization members will have the MEMBER role in Pulumi.)
Users with the ADMIN role in the organization have access to all stacks. Whereas users with the MEMBER role only have the “organization’s default stack access” applied by default. (But can be granted additional permissions by their memberships in Teams, etc.)
colossal-beach-47527
03/02/2020, 9:08 PMIf you are an administrator of the Pulumi organization, you can see/update the organization’s default stack permission on the “Access” page. The URL is something like:
https://app.pulumi.com/<your-org>/settings/access
p
prehistoric-account-60014
03/02/2020, 9:21 PMWhat if the organization does not have a backing provider and was made with email/password login?
prehistoric-account-60014
03/02/2020, 9:22 PMAlso, the “Access” page seems to be a “Pro” feature but Team Starter allows up to 3 team members and new team members are added with a “Member” role
c
colossal-beach-47527
03/02/2020, 10:12 PMAh, I see. Yes. For Organizations on the Team Starter plan, you cannot set more granular per-user permissions. (E.g. have Teams, etc.)
Every member of the Pulumi organization with the MEMBER role will have read/write access to all stacks.
p
prehistoric-account-60014
03/02/2020, 10:38 PMGotcha, thanks for clarifying!
prehistoric-account-60014
03/03/2020, 3:49 AMOne more question, is the “Stack Deletion” option in the “Access” page relevant only for stack created by a user? What if the base permission is set to “NONE”, what does turning off “Stack Deletion” mean?
3 Views