Users
When you sign up for a HashiCorp Cloud Platform (HCP) account for the first time, the HCP Portal takes you to the create organization page to set up your organization. You can invite additional users to the organization so that they can access the resources.
This page describes how to add users to your HashiCorp Cloud Platform (HCP) account and manage their access to resources.
Invite users
Use the following procedure to invite users into your organization using email. Organization admin role is required to invite and manage users.
Note
If Single Sign-On is enabled, manage the users through the configured identity providers instead. The option to manually invite users as described in this section will not be available.
- Log into HCP Portal and choose your organization.
- Click Access Control (IAM) in the sidebar and click +Invite user.
- Enter their email address and click Add. You can repeat this step to continue adding users.
- Choose a role from the Assign role drop-down menu and click Invite. Refer to the User Permissions for information about the roles you can assign.
Manage users
You can remove user access or change roles from the Users screen. You must been assigned an admin role to invite and manage users.
- Log into HCP Portal and choose your organization.
- Click Access Control (IAM) in the sidebar.
- Click on a user name.
- You can perform the following actions:
- Click Remove to delete the user from your organization.
- Choose a new role from the Role drop-down menu.
- Click Save.
User permissions
Depending on the assigned roles, users have different level of permissions to perform actions in HCP.
Note
Users at the project level inherit permissions from the organization level. Project-level permissions that are more permissive can override the organization-level role. For example, you can assign a user viewer role on the organization level but assign a contributor role to a particular project within the organization.
Organization role
The following tables describe organization role permissions.
| HCP Organization Permissions | Viewer | Contributor | Admin | Owner |
|---|---|---|---|---|
| Add and delete users | x | x | ||
| Manage user permissions | x | x | ||
| View users | x | x | x | x |
| Manage service principals | x | x | ||
| Manage groups | x | x | ||
| View current billing status | x | x | x | x |
| Create projects | x | x | x | |
| View HCP resources | x | x | x | x |
| Request Organization Deletion | x |
Project role
The following tables describe project role permissions.
| HCP Project Permissions | Project Viewer | Project Contributor | Project Admin |
|---|---|---|---|
| View project | x | x | x |
| Edit project permissions | x | ||
| Delete project | x | ||
| Create and delete project resources | x | x | |
| Manage project service principals | x | ||
| Manage group role for project | x |
Assign a project role
To narrow the scope of user permissions, you can set a role on the project level. To add a user to a project, you have to invite the user to the organization first.
- Select the target project.
- Click Access Control (IAM) in the sidebar.
- Select the username.
- From the Role drop-down menu, choose a project-level role to assign to the user. Refer to the project role tables for information about the roles you can assign.