Requires Enterprise plan. Contact sales for access.
Available roles
| Role | Description |
|---|---|
| Runners Admin | Full admin access to all runners in the organization |
| Projects Admin | Full admin access to all projects in the organization |
| Groups Admin | Full admin access to all groups in the organization |
| Automations Admin | Full admin access to all automations (services and tasks) |
How it works
When you assign an organization role to a group:- All group members receive admin permissions on existing resources of that type
- New resources automatically grant admin access to the group
- Removing the role revokes all related permissions
Assign an organization role
Only organization admins can assign organization roles.- Go to Settings → Members → Groups
- In the groups table, find the group you want to modify
- Toggle the checkbox in the corresponding role column (e.g., Runners Admin, Projects Admin)
Permissions by role
Runners Admin
Members of groups with this role can:| Permission | Granted |
|---|---|
| View all runners | ✅ |
| Create runners | ✅ |
| Update runner settings | ✅ |
| Delete runners | ✅ |
| Share runners with users and groups | ✅ |
| Manage environment classes | ✅ |
| Manage SCM and LLM integrations | ✅ |
| Access runner logs | ✅ |
Projects Admin
Members of groups with this role can:| Permission | Granted |
|---|---|
| View all projects | ✅ |
| Create projects | ✅ |
| Update project settings | ✅ |
| Delete projects | ✅ |
| Share projects with users and groups | ✅ |
| Manage project secrets | ✅ |
| Configure environment classes | ✅ |
| Manage prebuilds | ✅ |
Groups Admin
Members of groups with this role can:| Permission | Granted |
|---|---|
| View all groups | ✅ |
| Create groups | ✅ |
| Update group settings | ✅ |
| Delete groups | ✅ |
| Add and remove group members | ✅ |
Automations Admin
Members of groups with this role can:| Permission | Granted |
|---|---|
| View all automations | ✅ |
| Create automations | ✅ |
| Update automation settings | ✅ |
| Delete automations | ✅ |
| Share automations with users and groups | ✅ |
| View all execution history | ✅ |
Use cases
DevOps team manages infrastructure: Assign Runners Admin to a “DevOps” group so they can create and configure runners without full org admin access. Team leads manage their projects: Assign Projects Admin to a “Tech Leads” group so they can manage project settings and secrets across the organization. HR manages team membership: Assign Groups Admin to an “HR” group so they can add and remove members from groups as people join or leave. Platform team manages automations: Assign Automations Admin to a “Platform” group so they can create and maintain organization-wide automations.Combining roles
A group can have multiple organization roles. For example, a “Platform Engineering” group might have both Runners Admin and Automations Admin roles. When a user belongs to multiple groups with different roles, they receive the combined permissions from all their groups.Next steps
- Create groups to organize your team
- Share resources for fine-grained access control
- Manage members to invite teammates