1.2.4 User Roles & Permissions

Concourse comes with four roles: Concourse Admin, Team Owner, Team Member, and Team Viewer.

Concourse Admin

Admin is a special user attribute granted only to owners of the main team.

Admins can administer teams using fly set-team, fly destroy-team, fly rename-team, etc.

Team Owner role

Team Owners have read, write and auth management capabilities within the scope of their team. For those familiar with Concourse today, the actions allowed to a Team Owner closely match those of today’s Concourse team member. The change is that, as an owner, you can no longer rename or destroy your own team.

Team Member role

Team Member lets users operate within their teams in a read & write fashion, but prevents them from changing the auth configurations of their team.

Team Viewer role

Team Viewer gives users “read-only” access to a team. This locks everything down, preventing users from running set-pipeline or hijack.
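
The three team-scoped roles described above are assigned per team through fly set-team. The following is an added example, not part of the original page: a role configuration file for a hypothetical team my-team that keeps auth management with a small owner group and gives everyone else the lowest role they need. The target alias ci, the team name, and all user, org and team names are constructed.

```yaml
# roles.yml (added example; every user, org and team name here is constructed)
# Applied with ("ci" and "my-team" are assumed names):
#   fly -t ci set-team --team-name my-team --config roles.yml
roles:
  # owner: read, write and auth management within the team.
  # Keep this group small, since owners decide who holds the roles below.
  - name: owner
    local:
      users: ["release-admin"]

  # member: read & write (can set-pipeline and hijack),
  # but cannot change the team's auth configuration.
  - name: member
    github:
      teams: ["example-org:platform-engineers"]

  # viewer: read-only; no set-pipeline, no hijack.
  - name: viewer
    github:
      orgs: ["example-org"]
```

set-team replaces the team's existing auth configuration with the contents of the file, so the file should list every role assignment the team needs.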

Permission Matrix

fly CLI commands

Command Anon Admin Owner Member Viewer
abort-build
builds
check-resource
checklist
containers
destroy-pipeline
destroy-team
execute
expose-pipeline
format-pipeline
get-pipeline
help
hide-pipeline
hijack
jobs
login
logout
order-pipelines
pause-job
pause-pipeline
pipelines
prune-worker
rename-pipeline
rename-team
set-pipeline
set-team
status
sync
targets
teams
trigger-job
unpause-job
unpause-pipeline
validate-pipeline
volumes
watch ✓*
workers

Web UI

Page Action Owner Member Viewer
Home (HD/Dashboard) View
Login
Logout
Download fly CLI
Pause Pipeline
Resume Pipeline
Reorder Pipeline
Pipeline Page View
Click to Resource
Click to Build
Click on Group
Resource Page View Resource
View Version Details
Pin Version
Paginate (<- ->)
Build Page Trigger new Build
View Build
Build Details
Job Page View Job Page
Pause Job
Trigger new Build
Build History
Paginate (<- ->)