Set permissions

In HCP Terraform you can set individual permissions and sets of permissions to control what your users can do. You can assign permissions at the organization, project, and workspace levels to control user access and the actions they can take.

Hands-on: Try the Manage Permissions in HCP Terraform tutorial.

Background

Note: Team management is available in HCP Terraform Essentials, Standard, and Premium editions. Refer to HCP Terraform pricing for details.

If you are in an HCP Terraform organization, you can manage user access and permissions through teams.

Each permission a user is granted is additive. HCP Terraform grants a user the highest permissions possible, regardless of whether that permission was set by an organization, project, or workspace. To learn more, refer to Effective permissions.

The following sections explain how to set permissions in HCP Terraform:

HCP Europe organizations

In an HashiCorp Cloud Platform (HCP) Europe organization, you manage user access through groups. To learn how to set up groups and assign users to them in HCP, refer to Groups. To learn more about HCP Europe, refer to Use HCP Terraform in Europe.

You can assign permissions to groups in the following ways:

HCP roles: You can assign HCP roles to groups in HCP, and those roles automatically grant permissions in HCP Terraform.
HCP Terraform roles: Assign additional permissions at the organization, project, and workspace level to further refine group access in HCP Terraform.

Each permission a user is granted is additive. HCP Terraform grants a user the highest permissions possible, regardless of whether that permission was set by an HCP or HCP Terraform role, or whether the role was set by an organization, project, or workspace. To learn more, refer to Effective permissions.

The following sections explain how to set permissions in HCP Terraform:

Set organization-level permissions

Note

To learn how set roles in HCP Europe organizations, refer to Set organization-level roles for HCP Europe organizations.

To set organization-level permissions for a team, perform the following steps:

Navigate to your organization's Settings page.
Click Teams, then select the team name from the list.
Assign the permissions you want to grant team members across your organization.
Click Update team organization access to save the permissions.

For more information about what each permission grants, refer to Organization permissions.

Set organization-level roles for HCP Europe organizations

If your URL includes portal.cloud.eu.hashicorp or app.eu.terraform.io, then you are in an HashiCorp Cloud Platform (HCP) Europe organization. If you are not in an HCP Europe organization, refer to [Set organization-level permissions](#set-organization-level-permissions.

If you are in an HCP Europe organization, HCP Terraform inherits the groups and roles you define in HCP. To learn about creating groups and managing users, refer to HCP Groups. You can assign organization-level permissions to groups in the following ways:

HCP roles: Assign HCP roles to groups in HCP, and those roles automatically grant permissions in HCP Terraform.
HCP Terraform roles: Assign additional permissions to refine access to the organization in HCP Terraform.

To add a new organization-level role for your group in HCP Terraform, perform the following steps:

Navigate to your organization in HCP Terraform EU. Your URL must include app.eu.terraform.io.
Select Settings, then Role assignments in the side navigation.
Click + Add new assignment.
Select a group to assign a Terraform role to, then click Select group.
Alternatively, open the ellipses menu for a group and complete the following steps:
1. Select View organization-level permissions.
2. Select Manage roles.
3. Click Edit Terraform Roles.
To manage your HCP organization role, you can alternatively select Manage roles on HCP to navigate to HCP.

To learn more about using roles and HCP groups, refer to HCP group roles and HCP Terraform permissions. To learn about the specific permissions you can assign to organizations in HCP Terraform, refer to Organization permissions.

Set project-level permissions

Note

To learn how set roles in HCP Europe organizations, refer to Set project-level roles for HCP Europe organizations.

To set project-level permissions for a team, perform the following steps:

Navigate to your organization's Projects page.
Select a project from the list, then select Settings in the side navigation.
Click Team access, and select the team name from the list or click + Add team to add a new team assignment.
Choose one of the preset permission set roles, or set individual permissions to create a custom role.
Click Assign permissions to save the settings.

For more information about each permission, refer to Project permissions.

Set project-level roles for HCP Europe organizations

If you are in an HCP Europe organization, HCP Terraform inherits the groups and roles you define in HCP. To learn about creating groups and managing users, refer to HCP Groups. You can assign project-level roles to groups in the following ways:

HCP roles: Assign HCP roles to groups in HCP, and those roles automatically grant permissions in HCP Terraform.
HCP Terraform roles: Assign additional permissions to refine access to the project in HCP Terraform.

To add a new project-level role for your group in HCP Terraform, perform the following steps:

Navigate to your organization in HCP Terraform EU. Your URL must include app.eu.terraform.io.
Select a project from the list.
Select Settings, then Role assignments from the side navigation.
Click + Add new assignment.
Select a role and a group, then click Assign role.
Alternatively, open the ellipses menu for a group and complete the following steps:
1. Select View project-level permissions.
2. Select Manage roles.
3. Click Edit Terraform Roles.
To manage your HCP project role, you can alternatively select Manage roles on HCP to navigate to HCP.

To learn more about using roles and HCP groups, refer to HCP group roles and HCP Terraform permissions. To learn about the specific permissions you can assign to projects in HCP Terraform, refer to Project permissions.

Set workspace-level permissions

Note

To learn how set roles in HCP Europe organizations, refer to Set workspace-level roles for HCP Europe organizations.

To set workspace-level permissions for a team, perform the following steps:

Navigate to your organization's Workspaces page.
Select a workspace from the list, then select Settings in the side navigation.
Click Team access, and select the team name from the list or click + Add team and permissions to add a new team assignment.
Choose one of the preset permission set roles, or set individual permissions to create a custom role.
Click Assign permissions to save the settings.

For more information about each permission, refer to Workspaces permissions.

Set workspace-level roles for HCP Europe organizations

HCP roles - You can assign HCP roles to groups in HCP, and those roles automatically grant permissions in HCP Terraform.
HCP Terraform roles - Assign additional permissions to refine access to the project in HCP Terraform.

To add a new workspace-level role for your group in HCP Terraform, perform the following steps:

Navigate to your organization in HCP Terraform EU, your URL must include app.eu.terraform.io.
Navigate to your organization's Workspaces page.
Select a workspace from the list.
Select Settings, then Role assignments from the side navigation.
Click + Add new assignment.
Select a role and a group to assign, then click Assign role.
Alternatively, open the ellipses menu for a group and complete the following steps:
1. Select View workspace-level permissions.
2. Select Manage roles.
3. Click Edit Terraform Roles.

To learn more about using roles and HCP groups, refer to HCP group roles and HCP Terraform permissions. To learn about the specific permissions you can assign to workspaces in HCP Terraform, refer to Workspace permissions.