Coder allows you to assign different roles to users, and each role comes with a distinct set of privileges regarding what the user can access and which actions they can perform.
There are four roles available:
| Role | Description |
| Site admin | Grants full access to the system. Note that there can only be one site admin per system |
| Site manager | Allows access to all administrative functionality in addition to basic usage rights |
| Auditor | Offers auditing functionality |
| Member | Allows basic usage of Coder |
Additive permissions
The following tables detail what permissions Coder grants to each of the four roles, but a summary of the roles are:
- All users are (or have the permissions of) a member
- An auditor has the permissions of a member, plus the ability to work with audit logs
- A site manager has the permissions of a member or an auditor, plus additional administrative rights
- A site admin has the permissions of a member, auditor, and site manager, as well as additional admin rights (e.g., creating site managers, access to API keys)
Site admin permissions
| Create | Read (all) | Read (own) | List | Update (all) | Update (own) | Delete (all) | Delete (own) | |
|---|---|---|---|---|---|---|---|---|
| API keys | X | X | X | X | X | X | X | X |
| Audit logs | X | |||||||
| Configuration | X | X | ||||||
| Dev URLs | X | X | X | X | ||||
| Workspaces | X | X | X | X | ||||
| Images | X | X | X | X | ||||
| Image tags | X | X | X | X | ||||
| Metrics | X | X | ||||||
| OAuth | X | X | ||||||
| Org members | X | X | X | X | X | |||
| Organizations | X | X | X | X | X | |||
| Registries | X | X | X | X | ||||
| System banners | X | X | X | X | ||||
| Users | X | X | X | X | X | X | X |
Site manager permissions
| Create | Read (all) | Read (own) | List | Update (all) | Update (own) | Delete (all) | Delete (own) | |
|---|---|---|---|---|---|---|---|---|
| API keys | X | X | X | X | ||||
| Audit logs | X | |||||||
| Configuration | X | X | ||||||
| Dev URLs | X | X | X | X | ||||
| Workspaces | X | X | X | X | ||||
| Extensions | X | X | ||||||
| Images | X | X | X | X | ||||
| Image tags | X | X | X | X | ||||
| Metrics | X | X | ||||||
| OAuth | X | X | ||||||
| Org members | X | X | X | X | X | |||
| Orgs | X | X | X | X | X | |||
| Registries | X | X | X | X | ||||
| System banners | X | X | X | X | ||||
| Users | X | X | X | X | X | X | X |
Auditor permissions
| Create | Read (all) | Read (own) | List | Update (all) | Update (own) | Delete (all) | Delete (own) | |
|---|---|---|---|---|---|---|---|---|
| API keys | X | X | X | X | ||||
| Audit logs | X | |||||||
| Configuration | X | |||||||
| Dev URLs | X | X | X | |||||
| Metrics | X | |||||||
| Users | X | X | X |
Member permissions
| Create | Read (all) | Read (own) | List | Update (all) | Update (own) | Delete (all) | Delete (own) | |
|---|---|---|---|---|---|---|---|---|
| API keys | X | X | X | X | ||||
| Configuration | X | |||||||
| Dev URLs | X | X | X | X | ||||
| Metrics | X | |||||||
| Users | X | X | X |
Changing a user's role
By default, all new users are assigned the Member role. These users can be upgraded to Auditor or Site Manager by another user with administrative privileges.
To change a user's role, go to Manage > Users. Find the user and use the Site Role drop-down to change the assigned role.