
Manage Permissions in Terraform Cloud


Note: This functionality is available in the Terraform Cloud Team tier and above, and in Terraform Enterprise. Organization owners can enable a 30-day free trial in their settings under “Plan & Billing”.

As your Terraform usage grows, you may need to collaborate with more than five users in Terraform Cloud and control their permissions. In this tutorial, you will learn how to invite users, create teams, and assign specific workspace permissions.

Terraform Cloud teams can have read, plan, write, or admin permissions on individual workspaces. Organization owners grant permissions by grouping users into teams and giving those teams privileges based on their need for access to individual workspaces. HashiCorp recommends following the principle of least privilege when assigning access to workspaces.

For this tutorial, you will need:

  • A Terraform Cloud account with the Team tier.
  • Organization owner permissions for this account.

»Create a new team

The default team in Terraform Cloud is the "owners" team of the organization. This team has blanket admin privileges, so it is important to create a team with restricted access before adding new members.

To add a new team, navigate to your organization Settings > Teams. Enter the name Dev-Team and choose "Create team" to save.

Create a new team

The organization access settings should all be unchecked for this new team.

Organization access settings

This team doesn't have access to any workspaces yet, so now you need to assign permissions.

»Assign team permissions

To assign workspace permissions for a team, navigate to the Workspace page in Terraform Cloud.

Create a test workspace called dev-webapp so that you don't impact any real resources while following this example.

Create a test workspace

Click on the dev-webapp workspace and navigate to the Settings dropdown. From here, choose Team Access.

Assign team access to workspace

Choose "Add team and permissions."

Assign team access to workspace

Select the "Dev-Team."

Assign team access to workspace

Scroll down and assign Write permissions to your team.

Assign team access to workspace

"Dev-Team" has Write permissions to an explicit workspace now, but no users to execute operations. You will need to add users to your organization.

»Invite a user to your organization

The Terraform Cloud Team tier is charged on a per-user basis, so adding new users to your organization incurs cost. For more information on plan features and cost, see the product pricing information.

To collaborate with your colleagues in Terraform Cloud, you need to grant them access to the same Terraform Cloud organization. You can add users to an organization by inviting them using their email address. Even if your team member has not signed up for Terraform Cloud yet, they can still accept the invitation and create a new account.

To start inviting team members, navigate to your organization's Settings, select Users, and click "Invite a User" to send an email invite.

Invite new team members

»Add a user to a team

Enter the email address of the teammate you need to add. From the "Add to teams" dropdown, choose Dev-Team. They will receive a Terraform Cloud invite to this email address and need to accept the invitation. If they do not have a Terraform Cloud account, when they accept the invitation, they will be taken to an account creation page and be automatically added to your organization.

Once your new team members accept their invitations, you will see them listed in the Dev-Team member settings.

New members in a team

Your Dev-Team members now have write permissions to the dev-webapp workspace.
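
The same team, workspace permission, and invitation expressed as Terraform configuration with the hashicorp/tfe provider, so the access grant can be reviewed and audited as code. This is an added example, not part of the original tutorial; the variable names and resource labels are assumptions, and the provider token is assumed to come from the TFE_TOKEN environment variable.

```hcl
terraform {
  required_providers {
    tfe = { source = "hashicorp/tfe" }
  }
}

# Assumption: TFE_TOKEN is set to a token that belongs to an organization owner.
provider "tfe" {}

# Placeholders: supply your own organization name and the teammate's email.
variable "organization" { type = string }
variable "teammate_email" { type = string }

# Test workspace used in the tutorial.
resource "tfe_workspace" "dev_webapp" {
  name         = "dev-webapp"
  organization = var.organization
}

# No organization_access block: every organization-level setting stays
# unchecked, matching the tutorial's "all unchecked" state.
resource "tfe_team" "dev" {
  name         = "Dev-Team"
  organization = var.organization
}

# Least privilege: Write on this one workspace only, nothing organization-wide.
resource "tfe_team_access" "dev_webapp_write" {
  access       = "write"
  team_id      = tfe_team.dev.id
  workspace_id = tfe_workspace.dev_webapp.id
}

# Invite the user to the organization by email address.
resource "tfe_organization_membership" "teammate" {
  organization = var.organization
  email        = var.teammate_email
}

# Place the invited user in Dev-Team rather than the "owners" team.
resource "tfe_team_organization_member" "teammate_dev" {
  team_id                    = tfe_team.dev.id
  organization_membership_id = tfe_organization_membership.teammate.id
}
```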

»Next Steps

This example scenario walked you through creating teams, inviting and assigning users, and applying workspace-level permissions to teams. You can find more information on Team management settings in the Terraform Docs.

