No results for ""
EXPAND ALL
  • Home
  • API docs

GIVE DOCS FEEDBACK

LaunchDarkly's built-in roles

Read time: 3 minutes
Last edited: Jan 06, 2023

Overview

This topic explains the built-in roles that come with every LaunchDarkly project, and how they relate to each other.

Understanding LaunchDarkly's built-in roles

Every LaunchDarkly account has four built-in roles: Reader, Writer, Admin, and Owner. Customers on an Enterprise plan also have a restricted No access role.

The account member who created your LaunchDarkly account is granted an Owner role automatically, because those permissions are required to configure your account and to add more account members. Only one account member can have the Owner role at a time. You can change which member has the Owner role when there is more than one account member in your LaunchDarkly account. To learn more, read Changing account owners.

You must assign each account member at least one role. You can assign account members a built-in role or one or more custom roles to give them the exact set of permissions they need.

You must set an account member's initial role when you invite them to LaunchDarkly. LaunchDarkly assigns new account members the Reader role by default, unless you choose a different starting role. The Reader role gives view, but not write, access to all projects and flags within your LaunchDarkly account.

The No access role gives your organization the most control

Some customers, especially those in highly regulated industries, do not want members to have view access to everything in their LaunchDarkly account when they first join. The No access role can help your organization manage access to resources within LaunchDarkly and enforce security best practices, such as the principle of least privilege.

If an account member needs more advanced permissions, an account member with permissions to do so must adjust their role. To learn how, read Changing an individual member's roles.

This table displays the built-in roles and their associated permissions:

Role nameCan view dataCan modify dataCan manage account membersCan manage billing
Reader
Writer
Admin
Owner
No access

Reader

Readers can view information in LaunchDarkly, but can't modify it. This role is for members of your organization who need visibility into your feature flags, but shouldn’t be able to modify rollout rules or administrative settings.

Writer

Writers can make changes to LaunchDarkly that impact what the platform does. For example, they can modify feature flags, metrics, environments, projects, and more. They can’t add new account members to the account or manage your payment method or plans. This role is for members who need the ability to configure your organization's feature flags.

Admin and Owner

Admins can do anything in LaunchDarkly except modify which account member has the Owner role. You can have multiple Admins in your LaunchDarkly account.

Owners have absolute power over your entire LaunchDarkly account, including the ability to add or remove the Admin role from other account members, or to remove the Owner role from themselves and assign it to someone else.

No access

The No access role is an Enterprise feature

The No access role is available to customers on an Enterprise plan. To learn more, read about our pricing. To upgrade your plan, contact Sales.

Members with this role can't access any part of the LaunchDarkly platform. This role is for members who shouldn't be able to view or modify anything until an admin grants them access to specific areas of LaunchDarkly. To learn more, read Configuring roles with no access.