Get Started on Cloud
BasicsPipelinesActions & ServicesEnvironmentsIntegrationsTargetsTestsDomainsSandboxesAgents & TunnelsYAMLBuddy GitFAQCLIAPI

User Roles

View as Markdown

How to use user roles?

Roles give you the ability to grant or restrict access of users in your workspace. You can edit them via the People tab.

Image loading...Accessing roles

Default user roles

Buddy ships with three predefined roles that cannot be edited or deleted: project manager, developer and viewer.

  • Project Manager has full access to the code, pipelines, environments, and sandboxes settings, as well as the project members.
  • Developer has read/write access to the code, full access to pipelines, environments, and sandboxes but can only view the project members.
  • Viewer has read-only access to the code and view-only access to the rest of the project, with the ability to use environments but not modify them.
Info
Other than administrator, roles are specified per project.

Defining a custom role

To create a custom role, open Members, Groups & Roles, switch to the Roles tab and click Create a new role. Provide a Role name (e.g. Client, Guest) and an optional Description that explains what the role can or cannot do.

Image loading...Adding a custom role

A role is defined by eight modules. Each module has its own access scope:

1. Project Team

  • View-only - can see the list of project members.
  • Manage - can add, remove, and edit project members and their roles.

2. Source

  • Read-only - can only view the code.
  • Read-write - can make changes to the code.
  • Manage - complete control over repository settings.

3. Pipelines

  • None (Deny) - pipelines will not be displayed.
  • View-only - can only view pipelines and pipeline analytics.
  • Run-only - can only run pipelines, without the ability to edit them.
  • Manage - full access to pipeline configuration and execution.

4. Sandboxes

  • None (Deny) - the sandboxes tab will always appear empty.
  • View-only - can only view the sandbox Activity tab.
  • Manage - full access to creating and managing sandboxes.

5. Environments

  • None (Deny) - environments are hidden.
  • Use - can run pipelines assigned to the environment.
  • Manage - full access to creating and editing environments.

6. Artifacts

  • None (Deny) - artifacts are hidden.
  • Use - can download and consume artifacts produced by pipelines.
  • Publish - can publish new artifacts in addition to using them.
  • Manage - full access to artifact configuration and lifecycle.

7. Targets

  • None (Deny) - targets are hidden.
  • View-only - can see the list of targets but cannot use them in pipelines.
  • Use - can use targets in pipeline actions.
  • Manage - full access to creating and editing targets.

8. Agents

  • None (Deny) - agents are hidden.
  • View-only - can see the list of agents but cannot use them.
  • Use - can run pipelines on the project's agents.
  • Manage - full access to adding, editing, and removing agents.
Info
Setting the Project Team scope to Manage forces this scope across all other modules.

Related topics

Last modified on May 19, 2026

Previous pageUser managementNext pagePipeline permissions