Built-in roles
Read time: 3 minutes
Last edited: Jul 24, 2024
Overview
This topic explains the built-in roles that come with every LaunchDarkly project, and how they relate to each other.
LaunchDarkly's built-in roles
Every LaunchDarkly account has four built-in roles: Reader, Writer, Admin, and Owner. Customers on an Enterprise plan also have a restricted No access role.
The account member who created your LaunchDarkly account is granted an Owner role automatically, because those permissions are required to configure your account and to add more account members. Only one account member can have the Owner role at a time. You can change which member has the Owner role when there is more than one account member in your LaunchDarkly account. To learn more, read Changing account owners.
You must assign each account member at least one role. You can assign account members a built-in role or one or more custom roles to give them the exact set of permissions they need.
You must set an account member's initial role when you invite them to LaunchDarkly. LaunchDarkly assigns new account members the Reader role by default, unless you choose a different starting role. The Reader role gives view, but not write, access to all projects and flags within your LaunchDarkly account.
Some customers, especially those in highly regulated industries, do not want members to have view access to everything in their LaunchDarkly account when they first join. The No access role can help your organization manage access to resources within LaunchDarkly and enforce security best practices, such as the principle of least privilege.
If an account member needs more advanced permissions, an account member with permissions to do so must adjust their role. To learn how, read Change individual member roles.
This table displays the built-in roles and their associated permissions:
Role name | Can view data | Can modify data | Can manage account members | Can manage billing |
---|---|---|---|---|
Reader | ||||
Writer | ||||
Admin | ||||
Owner | ||||
No access |
Reader
Readers can view information in LaunchDarkly, but can't modify it. This role is for members of your organization who need visibility into your feature flags, but shouldn’t be able to modify rollout rules or administrative settings.
Writer
Writers can make changes to LaunchDarkly that impact what the platform does. For example, they can modify feature flags, metrics, environments, projects, and more. They can’t add new account members to the account or manage your payment method or plans. This role is for members who need the ability to configure your organization's feature flags.
Admin and Owner
Admins can do anything in LaunchDarkly except modify which account member has the Owner role. You can have multiple Admins in your LaunchDarkly account.
Owners have absolute power over your entire LaunchDarkly account, including the ability to add or remove the Admin role from other account members, or to remove the Owner role from themselves and assign it to someone else.
No access
The No access role is available to customers on an Enterprise plan. To learn more, read about our pricing. To upgrade your plan, contact Sales.
Members with this role can't access any part of the LaunchDarkly platform. This role is for members who shouldn't be able to view or modify anything until an admin grants them access to specific areas of LaunchDarkly. To learn more, read Configuring roles with no access.