Default roles

Default roles are available to all Semaphore users, regardless of the plan they are on.

Organization roles

Member
  Permissions:
  • Can create new projects.
  • Can view existing notifications and settings.

Admin
  Permissions:
  • Can do everything a member can.
  • Can view, manage, and modify everything within the organization (people, secrets, pre-flight checks, notifications, etc.), except general settings and financial information.
  Notes: Each of the organization's Admins is automatically also an Admin within every project owned by that organization.

Owner
  Permissions:
  • Can do everything within the organization, including changing general settings and deleting it.
  Notes: By default, this role is assigned to the user that creates the organization. Each of the organization's Owners is also an Admin within every project owned by that organization.

Project roles

Reader
  Permissions:
  • Can view project activity, workflows, and jobs executed within those workflows.
  Notes: Intended for someone who should monitor what is being done, but isn't a developer and shouldn't modify anything, for example an Engineering Project Manager.

Contributor
  Permissions:
  • Can manually run, modify, and stop workflows/jobs.
  • Can view project-level secrets and organization-wide secrets scoped for the given project.
  • Can attach to running jobs or debug jobs and projects.
  • Can view schedulers, project insights, and repository info.
  • Can manually run schedulers.
  • Can view, modify, and delete artifacts for that project.
  Notes: For developers who are currently working on the project, but aren't responsible for maintaining it or for setting up and modifying the environment in which the project exists.

Admin
  Permissions:
  • Can do everything within the project, including deleting it.
  Notes: By default, this role is assigned to the user that created the project, and this user is a primary repository token holder.