Roles and Permissions

Master Cycle's granular permissions system, and leverage roles to maximize your hub security.

Cycle's permissions are built on a system of individual capabilities. A capability is some small task, such as creating an environment. By composing different capabilities together, you can fine-tune exactly what a member of your hub is allowed to do. Account roles are built off of this, and are simply pre-composed capabilities with a name.

At this time, only the role, not the individual capabilities of a member, can be set. However, API keys can be fully configured.

Capabilities List

Below are the individual capabilities making up Cycle's permission system. Use the tabs to sort capabilities by each role.

PermissionDescription
apikeys-manage
OWNER, ADMIN
User has the ability to create, update, and delete API Keys.
billing-credits-view
OWNER, ADMIN
User has the ability to view credits associated with the hub.
billing-invoices-pay
OWNER, ADMIN
User has the ability to authorize a payment to an invoice.
billing-invoices-view
OWNER, ADMIN
User has the ability to view invoices generated for the hub.
billing-methods-manage
OWNER
User has the ability to add and remove payment methods to the product.
billing-orders-manage
OWNER, ADMIN
User has the ability to create/delete new orders. This is required to add new infrastructure to a hub.
billing-services-view
OWNER, ADMIN
User has the ability to view active services associated with the hub.
containers-console
OWNER, ADMIN, DEVELOPER
User has the ability to connect to a container instance's console.
containers-delete
OWNER, ADMIN, DEVELOPER
User has the ability to delete containers.
containers-deploy
OWNER, ADMIN, DEVELOPER
User has the ability to deploy containers.
containers-ssh
OWNER, ADMIN, DEVELOPER
User has the ability to connect to a container instance via SSH / instance console.
containers-state
OWNER, ADMIN, DEVELOPER
User has the ability to modify a container's state. This allows them to start/stop/pause a container.
containers-update
OWNER, ADMIN, DEVELOPER
User has the ability to modify a container's information. This includes changing the domain, changing the container configuration, reimaging, and updating general settings such as the container name.
containers-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view containers.
containers-volumes-manage
OWNER, ADMIN, DEVELOPER
User has the ability to modify a container's volumes. This includes the name and remote access settings.
containers-volumes-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view a container's volumes.
dns-manage
OWNER, ADMIN, DEVELOPER
User has the ability to update/delete zones, and update/delete records within those zones.
dns-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view DNS zones and records
environments-create
OWNER, ADMIN, DEVELOPER
User has the ability to create new environments.
environments-delete
OWNER, ADMIN, DEVELOPER
User has the ability to delete environments. This will automatically include the ability to delete containers.
environments-services-manage
OWNER, ADMIN
User has the ability to modify environment services, such as the VPN.
environments-state
OWNER, ADMIN, DEVELOPER
User has the ability to modify the state of the environment. This includes starting and stopping all containers in an environment.
environments-update
OWNER, ADMIN, DEVELOPER
User has the ability to update basic information about an environment, such as the name.
environments-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view environments.
environments-vpn
OWNER, ADMIN, DEVELOPER
User has the ability to access the VPN service provided by an environment.
environments-vpn-manage
OWNER, ADMIN
User has the ability to manage the VPN service provided by an environment, such as adding/deleting users.
hubs-delete
OWNER
User has ability to delete the hub.
hubs-invites-manage
OWNER, ADMIN
User has ability to revoke sent invitations.
hubs-invites-send
OWNER, ADMIN
User has ability to invite others to the hub, at their role level or below.
hubs-members-manage
OWNER, ADMIN
User has the ability to remove members equal or lower than their role.
hubs-members-view
OWNER, ADMIN
User has the ability to view other members in the hub.
hubs-notifications-listen
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to connect to the hubs websocket and listen for notifications.
hubs-update
OWNER, ADMIN
User has ability to update basic information about the hub, such as name.
images-build
OWNER, ADMIN, DEVELOPER
User has the ability to import and build images.
images-delete
OWNER, ADMIN, DEVELOPER
User has the ability to delete images
images-update
OWNER, ADMIN, DEVELOPER
User has the ability to modify an image's basic information, such as name.
images-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view individual images.
jobs-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view jobs associated with a hub.
projects-create
OWNER, ADMIN
User has the ability to create projects.
projects-delete
OWNER, ADMIN
User has the ability to delete projects.
projects-update
OWNER, ADMIN, DEVELOPER
User has the ability to update projects.
projects-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view projects.
sdn-networks-manage
OWNER
User has the ability to create, update, and delete SDN Networks.
sdn-networks-view
OWNER
User has the ability to view SDN networks
servers-decommission
OWNER, ADMIN
User has the ability to remove a hub's servers.
servers-login
OWNER
User has the ability to log in to a hub's servers.
servers-provision
OWNER, ADMIN
User has the ability to provision new servers for the hub.
servers-state
OWNER, ADMIN
User has the ability to start/shutdown/reboot a hub's servers.
servers-update
OWNER, ADMIN, DEVELOPER
User has the ability to modify information about hub servers. This includes the name, as well as adding/removing tags.
servers-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view a hub's servers.
stacks-builds-manage
OWNER, ADMIN, DEVELOPER
User has the ability to build stacks, view stack builds, deploy stacks to environments, and delete old builds.
stacks-create
OWNER, ADMIN, DEVELOPER
User has the ability to create stacks.
stacks-delete
OWNER, ADMIN, DEVELOPER
User has the ability to delete stacks.
stacks-hooks-manage
OWNER, ADMIN, DEVELOPER
User has the ability to add/remove stack hooks.
stacks-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view stacks.
usage-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view a hub's usage statistics.

Need Help?

If you've got questions about the platform or need some help getting started, our team is more than happy to assist. Whether you're new to containers or just new to Cycle, reach out to us via livechat by clicking the blue circle in the bottom right corner. Join our Slack channel, and get help from the dev team or other members of the community, and check out our Roadmap to see what's planned for the future!