IAM Settings
Manage users, teams, roles, and permissions. Control who can access what in your ops0 organization.
IAM Sections
Users
Users List
| Column | Description |
|---|---|
| Name | User's display name |
| Account email | |
| Role | Assigned role |
| Teams | Team memberships |
| Status | Active, Pending, Disabled |
| Last Active | When last seen |
User Statuses
Searching Users
Type in the Search box to filter by name or email. Filtering is real-time.
Filtering Users
| Filter | Options |
|---|---|
| Role | Any role |
| Team | Any team |
| Status | Active, Pending, Disabled |
Inviting Users
Send Invitation
Open Invite Dialog
Click the Invite User button.
Enter Emails
Enter one or more email addresses for the users you wish to invite.
Select Role
Choose an initial role for the new users (e.g., Developer).
Add to Teams (Optional)
Optionally select teams to automatically add the users to.
Send
Click Send Invitation.
Invitation Form
| Field | Required | Description |
|---|---|---|
| Email(s) | Yes | One or more emails |
| Role | Yes | Initial role |
| Teams | No | Team assignments |
| Message | No | Personal message |
Bulk Invite
Enter multiple emails (comma-separated) or click Upload CSV. All users receive the same role.
Pending Invitations
Go to the Invitations tab to see all pending invites. You can resend or cancel invitations as needed.
Managing Users
User Details
Click on a user row to open the detail panel:
| Section | Contents |
|---|---|
| Profile | Name, email, avatar |
| Role | Current role |
| Teams | Team memberships |
| Activity | Recent actions |
| Sessions | Active sessions |
Change User Role
Open User Details
Click on a user row to open the detail panel.
Edit Role
Click the Edit Role button.
Select Role
Choose the new role from the dropdown.
Save
Click Save to apply the changes.
Add to Team
Open User Details
Click on a user row.
Add to Team
Click the Add to Team button.
Select Team
Choose the team(s) to add the user to.
Confirm
Click Add.
Disable User
Open User Details
Click on a user row.
Disable
Click Disable User.
Confirm
Confirm the action in the prompt.
Result
User cannot log in and active sessions are revoked.
Remove User
Removing a user cannot be undone. They will lose all access immediately.
Open User Details
Click on a user row.
Remove
Click Remove from Organization.
Confirm
Confirm the action to permanently remove the user.
Teams
Teams List
| Column | Description |
|---|---|
| Name | Team name |
| Description | Team purpose |
| Members | Member count |
| Projects | Assigned projects |
Creating a Team
Create Team
Click the Create Team button.
Name & Description
Enter a descriptive name and optional description.
Add Members
Select initial members to add (optional).
Create
Click Create.
Team Form
| Field | Required | Description |
|---|---|---|
| Name | Yes | Team name |
| Description | No | What team does |
| Members | No | Initial members |
Managing Teams
Click on a team to access these actions:
| Action | Description |
|---|---|
| Add Members | Add users to team |
| Remove Members | Remove from team |
| Edit Details | Change name/description |
| Delete Team | Remove the team |
Team Permissions
Teams can be granted access to:
| Resource | Access Levels |
|---|---|
| Projects | View, Edit, Deploy |
| Clusters | View, Manage |
| Workflows | View, Run, Edit |
| Policies | View, Edit |
Roles
Default Roles
Owner
Full access and organization management
Admin
Full access except organization deletion
Developer
Create, edit, deploy permissions
Viewer
Read-only access
Role Permissions
Owner:
- All permissions
- Delete organization
Admin:
- Manage users and teams
- Manage integrations
- All project permissions
Developer:
- Create projects
- Edit projects
- Deploy changes
- View all resources
Viewer:
- View projects
- View deployments
- View logs
- No modifications
Creating Custom Role
Create Role
Click the Create Role button.
Name Role
Enter a name and description for the new role.
Base Role (Optional)
Select a base role to inherit permissions from.
Configure Permissions
Toggle permissions for each resource type.
Create
Click Create to save the role.
Role Form
| Field | Required | Description |
|---|---|---|
| Name | Yes | Role name |
| Description | No | Role purpose |
| Base Role | No | Inherit from |
| Permissions | Yes | Permission list |
Permission Categories
| Category | Permissions |
|---|---|
| Organization | View, Edit, Delete |
| Users | View, Invite, Edit, Remove |
| Projects | View, Create, Edit, Delete |
| Deployments | View, Run, Cancel, Approve |
| Clusters | View, Add, Edit, Remove |
| Workflows | View, Run, Edit, Delete |
| Policies | View, Create, Edit, Delete |
| Settings | View, Edit |
Editing Permissions
Delete Custom Role
Permission Inheritance
Organization Level
Set at organization settings:
- Default role for new users
- Organization-wide policies
Team Level
Teams can grant additional permissions:
- Access to specific projects
- Access to specific clusters
User Level
Individual users can have:
- Role assignment
- Team memberships
- Direct project access
Effective Permissions
User's effective permissions = Role + Teams + Direct grants
Audit Trail
Viewing IAM Changes
Go to Audit Logs and filter by category: IAM to see all user/role changes.
Logged Events
| Event | Details |
|---|---|
| User Invited | Who invited, email |
| User Joined | When accepted |
| Role Changed | Old role, new role |
| User Removed | Who removed |
| Team Created | Team name, creator |
| Role Created | Role name, permissions |
Troubleshooting
Check user's role, team memberships, and project permissions. Verify the user is not disabled.
User may need to log out and back in. Check for conflicting permissions. Verify role configuration.
Example: Setting Up Team-Based Access
Scenario
You want to give the Platform team access to production projects and the Dev team access to staging projects.
Step 1: Create Teams
Team 1:
Name: Platform Team
Description: Production infrastructure management
Members: alice@example.com, bob@example.com
Team 2:
Name: Dev Team
Description: Development and staging
Members: charlie@example.com, diana@example.com
Step 2: Create Custom Roles
Role 1:
Name: Platform Engineer
Base Role: Developer
Permissions:
✓ Deployments: Run, Approve
✓ Clusters: Manage
✓ Workflows: Edit
Role 2:
Name: Developer
Base Role: Developer
Permissions:
✓ Deployments: Run
✗ Deployments: Approve
✓ Clusters: View
Step 3: Assign Roles to Teams
Platform Team:
Role: Platform Engineer
Projects: production-*, infra-*
Dev Team:
Role: Developer
Projects: staging-*, dev-*
Step 4: Verify Access
User: alice@example.com
─────────────────────────────────────
Role: Platform Engineer
Teams: Platform Team
Projects:
✓ production-api (via team)
✓ production-web (via team)
✓ infra-networking (via team)
✗ staging-api (no access)
Permissions:
✓ Can deploy to production
✓ Can approve deployments
✓ Can manage clusters
User: charlie@example.com
─────────────────────────────────────
Role: Developer
Teams: Dev Team
Projects:
✓ staging-api (via team)
✓ dev-experiments (via team)
✗ production-api (no access)
Permissions:
✓ Can deploy to staging
✗ Cannot approve deployments
✓ Can view clusters (read-only)
Result
Access Matrix
─────────────────────────────────────
Platform Team Dev Team
production-api ✓ Deploy+Approve ✗ No access
staging-api ✗ No access ✓ Deploy only
Cluster Management ✓ Full ✓ View only
Workflow Edit ✓ Yes ✗ No