LaunchDarkly's built-in roles
Read time: 1 minute
Last edited: Sep 24, 2021
This topic explains the three built-in roles that come with every LaunchDarkly project, and how they relate to each other.
LaunchDarkly has three built-in roles:
owner / admin. Every new account member must be given one of these roles.
Every account member must have at least either one of these three built-in roles or a custom role. If you need to, you can also assign account members multiple custom roles to give them the exact set of permissions they need.
A account member's initial role is set when they're invited to LaunchDarkly. If not otherwise specified, new account members are assigned the
reader role. A account member with the ability to do so must adjust a reader's role to give them more advanced permissions.
The one exception to this is the first account member, the person who created your LaunchDarkly account. This role is granted
owner permissions automatically, because they are required to configure your account completely and add more account members. You can change the account owner when there is more than one account member in your LaunchDarkly project. To learn more, read Changing account owners.
The three built-in roles are explained in more detail in this table:
|Readers can see information in LaunchDarkly, but can't modify it. This role is perfect for members of your organization that need visibility into your feature flags, but shouldn’t be able to modify rollout rules or administer the system.|
|Writers can make changes to LaunchDarkly that impact what the platform does. For example, they can modify feature flags, metrics, environments, projects, and more. They can’t add new account members to the account or manage your payment method or plans. This role is appropriate for account members who need the ability to configure how your organization's feature flags work.|
|Admins can do anything in LaunchDarkly except modify which account member has the owner role. There can be multiple admins in a LaunchDarkly project.|
Owners can do anything Admins can do in LaunchDarkly, as well as reassign the owner role to another account member.
You can give account members custom permissions by giving them custom roles. If you need more granular control over which users can do what, custom roles are for you. Custom roles let you define specific permissions for users or groups and apply them across your organization.
This is useful if you have users with multiple jobs, such as someone who needs access to flags controlled by an engineering team and the support team, or product managers who also code.
To learn more, read Custom roles.