Roles and Permissions

Master Cycle's granular permissions system, and leverage roles to maximize your project security.

Cycle's permissions are built on a system of individual capabilities. A capability is some small task, such as creating an environment. By composing different capabilities together, you can fine-tune exactly what a member of your project is allowed to do. Account roles are built off of this, and are simply pre-composed capabilities with a name.

At this time, only the role, not the individual capabilities of a member, can be set. However, API keys can be fully configured.

Capabilities List

Below are the individual capabilities making up Cycle's permission system. Use the tabs to sort capabilities by each role.

PermissionDescription
apikeys-manage
OWNER, ADMIN
User has the ability to create, update, and delete API Keys.
billing-invoices-pay
OWNER, ADMIN
User has the ability to authorize a payment to an invoice.
billing-invoices-view
OWNER, ADMIN
User has the ability to view invoices generated for the project.
billing-methods-manage
OWNER
User has the ability to add and remove payment methods to the product.
billing-orders-manage
OWNER, ADMIN
User has the ability to create/delete new orders. This is required to add new infrastructure to a project.
billing-services-view
OWNER, ADMIN
User has the ability to view active services associated with the project.
containers-console
OWNER, ADMIN, DEVELOPER
User has the ability to connect to a container's console.
containers-delete
OWNER, ADMIN, DEVELOPER
User has the ability to delete containers.
containers-deploy
OWNER, ADMIN, DEVELOPER
User has the ability to deploy new containers to an environment.
containers-state
OWNER, ADMIN, DEVELOPER
User has the ability to modify a container's state. This allows them to start/stop/pause a container.
containers-update
OWNER, ADMIN, DEVELOPER
User has the ability to modify a container's information. This includes changing the domain, changing the container configuration, reimaging, and updating general settings such as the container name.
containers-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view containers.
containers-volumes-manage
OWNER, ADMIN, DEVELOPER
User has the ability to modify a container's volumes. This includes the name and remote access settings.
containers-volumes-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view a container's volumes.
dns-manage
OWNER, ADMIN, DEVELOPER
User has the ability to update/delete zones, and update/delete records within those zones.
OWNER, ADMIN
User has the ability to manage the VPN service provided by an environment, such as adding/deleting users.
dns-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view DNS zones and records
environments-create
OWNER, ADMIN, DEVELOPER
User has the ability to create new environments.
environments-delete
OWNER, ADMIN, DEVELOPER
User has the ability to delete environments. This will automatically include the ability to delete containers.
environments-services-manage
OWNER, ADMIN
User has the ability to modify environment services, such as the VPN.
environments-state
OWNER, ADMIN, DEVELOPER
User has the ability to modify the state of the environment. This includes starting and stopping all containers in an environment.
environments-update
OWNER, ADMIN, DEVELOPER
User has the ability to update basic information about an environment, such as the name.
environments-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view environments.
environments-vpn-access
OWNER, ADMIN, DEVELOPER
User has the ability to access the VPN service provided by an environment.
images-build
OWNER, ADMIN, DEVELOPER
User has the ability to import and build images.
images-delete
OWNER, ADMIN, DEVELOPER
User has the ability to delete images
images-update
OWNER, ADMIN, DEVELOPER
User has the ability to modify an image's basic information, such as name.
images-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view individual images.
jobs-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view jobs associated with a project.
projects-delete
OWNER
User has ability to delete the project.
projects-invites-manage
OWNER, ADMIN
User has ability to revoke sent invitations.
projects-invites-send
OWNER, ADMIN
User has ability to invite others to the project, at their role level or below.
projects-members-manage
OWNER, ADMIN
User has the ability to remove members equal or lower than their role.
projects-members-view
OWNER, ADMIN
User has the ability to view other members in the project.
projects-members-view
OWNER, ADMIN
User has the ability to view other members in the project.
projects-pipeline-listen
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to connect to the projects websocket and listen for events.
projects-update
OWNER, ADMIN
User has ability to update basic information about the project, such as name.
servers-decommission
OWNER, ADMIN, DEVELOPER
User has the ability to start/shutdown/reboot a project's servers. Not yet implemented.
servers-state
OWNER, ADMIN
User has the ability to start/shutdown/reboot a project's servers. Not yet implemented.
servers-update
OWNER, ADMIN, DEVELOPER
User has the ability to modify information about project servers. This includes the name, as well as adding/removing tags.
servers-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view a project's servers.
stacks-builds
OWNER, ADMIN, DEVELOPER
User has the ability to build stacks, view stack builds, deploy stacks to environments, and delete old builds.
stacks-create
OWNER, ADMIN, DEVELOPER
User has the ability to create stacks.
stacks-delete
OWNER, ADMIN, DEVELOPER
User has the ability to delete stacks.
stacks-view
OWNER, ADMIN, DEVELOPER, ANALYST
User has the ability to view stacks.

Need Help?

If you've got questions about the platform or need some help getting started, our team is more than happy to assist. Whether you're new to containers or just new to Cycle, reach out to us via livechat by clicking the blue circle in the bottom right corner. Join our Slack channel, and get help from the dev team or other members of the community.