Skip to main content
Version: Community Edition v1.2

Role Based Access Control

Manage user permissions in your server and projects with Role Based Access Control (RBAC). This page describes gives an overview of RBAC and how to assign roles to users.

Overview

Semaphore uses a RBAC model to determine what actions users can take in server and projects.

A server Admin or Owner must invite users via their GitHub or BitBucket accounts before they can access the Semaphore server or any of the projects.

Role scopes

Semaphore manages roles at the Server level: these roles allow users to perform various server actions. Users need to be added to the server before they can access projects.

Server roles

Server roles control what actions the users may perform in Semaphore. Users need to be added to the server via their GitHub or BitBucket usernames before they can be granted a role. Only users who are part of the server can log in to Semaphore.

The only exception is when a user is added via the Okta integration.

Member

Server members can access the homepage and the projects they are assigned to. They can't modify any settings.

This is the default role assigned when a user is added to the server.

Among other actions, members can:

For the full list of member permissions, see server roles.

Admin

Admins can modify settings within the server or any of its projects. They do not have access to billing information, and they cannot change general server details, such as the server name and URL.

Only Admins and Owners can invite users to the server.

In addition to the member permissions, admins can:

  • View and manage server settings
  • Invite users to the server
  • Remove people from the server

For the full list of admin permissions, see server roles.

Owner

The owner of the server is the person that created it. A server can have multiple owners. Owners have access to all functionalities within the server and any of its projects. Only Admins and Owners can invite users to the server.

For the full list of owner permissions, see server roles.

To remove an owner, see how to remove an owner.

See also