Getting started
Reference
Memberships

Memberships

Team memberships control who can access your team and what they can do. Each user belongs to a team through a membership, which has an assigned role.

Roles

Teams have four roles, from lowest to highest privilege:

  • Read-only: View-only access to team resources
  • Member: Standard team member access for day-to-day operations
  • Admin: Full operational control over apps and infrastructure
  • Owner: Complete team control including membership management

Role Permissions

PermissionRead-onlyMemberAdminOwner
View apps, add-ons, processes, deployments, and logs
Deploy apps
Manage variables
Create and run tasks
Create releases
Modify apps, processes, add-ons, domains, and commands
Approve releases
Manage team memberships and access rights
Delete team and manage VPCs

Access Rights

Access rights allow you to grant specific permissions to lower-privileged roles on a per-app basis. This is useful when you want to give a member or read-only user additional capabilities for specific apps without promoting their entire role.

Available Access Rights

Access RightDescription
View SecretsView secret variable values (normally hidden from read-only users)
Modify AppModify app settings, processes, healthchecks, domains, and variables
Console AccessAccess interactive console sessions for the app via Web or CLI
Modify CommandsCreate, edit, and delete scheduled commands
Launch TasksLaunch background tasks (non-console)
Modify Add-onsCreate, edit, and delete add-ons
DeployDeploy applications and create deployments
ApproveApprove releases for deployment

How Access Rights Work

  1. Access rights are configured per membership
  2. Each access right can be scoped to a specific app or granted for all apps
  3. Access rights override role restrictions for the specific permissions they grant
  4. Multiple access rights can be combined for fine-grained control

Managing Memberships

Via Web Interface

  1. Navigate to Team SettingsMembers
  2. Click Invite Member to add new users
  3. Click on a member to edit their role or access rights
Access Control