

Manage Permissions in Terraform Cloud

As your Terraform usage grows, you may need to collaborate with more than five users in Terraform Cloud and control their permissions. In this guide, you will learn how to invite users, create teams, and assign specific workspace permissions.

Terraform Cloud teams can have read, plan, write, or admin permissions on individual workspaces. Organization owners grant permissions by grouping users into teams and giving those teams privileges based on their need for access to individual workspaces. HashiCorp recommends following the principle of least privilege when assigning access to workspaces.

For this guide, you will need:

  • A Terraform Cloud account with the Team plan.
  • Organization owner permissions for this account.

»Create a new team

The default team in Terraform Cloud is the "owners" team of that organization. This team has blanket admin privileges, so it is important to create a team with restricted access before adding new members.

To add a new team, navigate to your organization Settings > Teams. Enter the name Dev-Team and choose "Create team" to save.


The organization access settings should all be unchecked for this new team.


This team doesn't have access to any workspaces yet, so now you need to assign permissions.

»Assign team permissions

To assign workspace permissions for a team, navigate to the Workspace page in Terraform Cloud.

Create a test workspace called dev-webapp so that you don't impact any real resources while following this example.


Click on the dev-webapp workspace and navigate to the Settings dropdown. From here, choose Team Access.


From the Team name dropdown, choose Dev-Team. From Permissions, choose write and click Add team to save these settings.


This team now has permissions on one explicit workspace, but no users to execute operations. You will need to add users to your organization.

»Invite a user to your organization

To collaborate with your colleagues in Terraform Cloud, you need to grant them access to the same Terraform Cloud organization. You can add users to an organization by inviting them using their email address. Even if your team member has not signed up for Terraform Cloud yet, they can still accept the invitation and create a new account.

To start inviting team members, navigate to your organization's Settings, select Users, and click "Invite a User" to send an email invite.


»Add a user to a team

Enter the email address of the teammate you need to add. From the "Add to teams" dropdown, choose Dev-Team. They will receive a Terraform Cloud invite at this email address and need to accept the invitation. If they do not have a Terraform Cloud account, accepting the invitation takes them to an account creation page, and they are automatically added to your organization.

Once your new team members accept their invitations, you will see them listed in the Dev-Team members settings.


Your Dev-Team members now have write permissions to the dev-webapp workspace.
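The same team, workspace access, and invitation can be kept in version control so that permission changes are reviewable. The configuration below is an added example, not part of the original guide; it uses the hashicorp/tfe provider, and the organization name and email address are placeholder variables you must supply. It assumes the provider is authenticated with a token that has organization owner permissions.

```hcl
# Added example: the UI steps from this guide expressed with the tfe provider.
terraform {
  required_providers {
    tfe = {
      source = "hashicorp/tfe"
    }
  }
}

variable "organization" {
  description = "Terraform Cloud organization name (placeholder, set your own)"
  type        = string
}

variable "member_email" {
  description = "Email address of the teammate to invite (placeholder)"
  type        = string
}

# No organization_access block: every organization-level setting stays unchecked.
resource "tfe_team" "dev" {
  name         = "Dev-Team"
  organization = var.organization
}

# Test workspace, so no real resources are affected.
resource "tfe_workspace" "dev_webapp" {
  name         = "dev-webapp"
  organization = var.organization
}

# Grant the team write (not admin) on this one workspace only.
resource "tfe_team_access" "dev_write" {
  access       = "write"
  team_id      = tfe_team.dev.id
  workspace_id = tfe_workspace.dev_webapp.id
}

# Sends the email invitation to join the organization.
resource "tfe_organization_membership" "member" {
  organization = var.organization
  email        = var.member_email
}

# Adds the invited user to Dev-Team, never to the owners team.
resource "tfe_team_organization_member" "dev_member" {
  team_id                    = tfe_team.dev.id
  organization_membership_id = tfe_organization_membership.member.id
}
```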

»Next Steps

This example scenario walked you through creating teams, inviting and assigning users, and applying workspace-level permissions to teams. You can find more information on team management settings in the Terraform Docs.