Members and their role
A member is someone you want to give access to an organization. Once
designated, they can push to any of the organizations repositories and import them as a dependency.
Only members with admin access are allowed to perform any administrative tasks such as base resource roles or adding
other members.
Members can be added by owners and admins of the organization. Members are granted the organization's base resource role, which defaults to write, but is configurable by owners and admins.
Add Member
To add a member to an organization, you can log in to the Buf Schema Registry, navigate to the organizations Settings page, and then select Add member.
When adding a member to an organization, there are a few important things to keep in mind:
- Members must already have an active Buf Account.
- Members can be added by owners and admins of the organization.
- Members are granted the organization's base resource role, which defaults to write, but is configurable by owners and admins.
Member Roles
Every user that is part of an organization has an explicit role. Note that users are unable to modify their own role. If you need to lower your access, have another organization user perform this action, or, leave the organization and request to be re-added with the desired role.
Member
- Can view the organization and its members.
- Inherits the base resource roles on existing organization resources (the default is Write).
Machine
- Can view the organization and its members.
- Inherits Write roles over existing organization resources, regardless of the organization's base resource roles.
This role is useful in CI pipelines - you can set the organization base roles to Read and configure a Machine user to push to a BSR repository on merge, for example.
Admin
- Can modify organization settings, such as base resource roles.
- Can manage user roles, except owners.
- Can add resources.
Owner
- Users that require unrestricted access to the organization, its settings, and all resources owned by the organization.
- Can delete organization. All resources such as repositories, templates, and plugins must be deleted before the organization can be deleted.
- Can add and delete resources such as repositories
You can also assign more granular members rights ("Read", "Limited Write", "Write", "Admin") on Buf Schema Registry repositories. For more information see the repository documentation.
Base resource roles
Base roles apply to all members of the organization. The base role can be elevated individually for the organization members, and outside collaborators can be added with an arbitrary role. Every organization has a set of base resource roles that apply to all members of the organization. The default roles:
| Repository | Template | Plugin |
|---|---|---|
| Write | Write | Write |
Organization owners can modify the base resource roles depending on the requirements of the organization. These roles are configurable on the organization settings page.
Base Repository Role
ReadCan read the repository, and import it as a dependency.Limited WriteCan write drafts to the repository.WriteCan write to the repository, such as by pushing new content or creating tags.AdminCan administer the repository, including managing access or updating settings like deprecation status.
Base Template Role
ReadCan read the template, and use it for code generation.WriteCan write to the template, updating its version or those of its dependencies.AdminCan administer the template, including managing access to the template and updating its settings.
Base Plugin Role
ReadCan read the plugin, use it for code generation and reference within templates.WriteCan write to the plugin, updating its content and creating new versions.AdminCan administer the plugin, including managing access to the plugin and updating its settings.