Protecting Projects and Environments
If you have a Business Subscription you can leverage Project and Environment Access Controls to restrict user access for organization contributors and viewers. Projects and Environments can be created by any user with write access, however they are created with access control disabled. If you do not have the appropriate subscription you will see an error message if you try to go into the access control pages:
Organization Owners and Administrators can enable Access Control on a Project or Environment and designate a Role for each user within it:
Enabling Access Control
To enable Access Control, use the toggle control. This will make you the Owner of that Project or Environment. When Access Control is enabled, there must always be at least one Owner role in that Project or Environment. If a user does not have a Role assigned with Access Control enabled, they cannot see the Project or Environment.
Managing Project Roles
Access Controls do not cascade through the project dependencies, therefore you will need to be precise with each project's access levels to ensure users can see all the projects in the dependency chain.
To disable Access Control, use the toggle control. Only an Organization Owner or Administrator can disable Access Control.
When you disable Access Control, all of the assigned Roles for the Project or Environment are dropped. If you want to enable Access Control again you will need to set all the roles again.
As an Organization Owner or Organization Administrator, you are not subject to Access Controls. You can freely access any Project or Environment. You are allowed to enable or disable Access Controls on Projects and Environments.
If Access Control is enabled on a Project or Environment, you may be assigned a Role. If you are a Project or Environment Owner, you can freely manage roles of others to grant or deny them access to the Project or Environment.
If you are a Project or Environment Administrator, you can manage roles of others up to being a peer Administrator within the Project or Environment, but you cannot modify the roles of Owners.
If you are a Project or Environment Contributor, you can make changes within the Project or Environment but you cannot manage access of other users within the Project or Environment.
If you are a Project or Environment Viewer, you can see content but are not allowed to make any changes within the Project or Environment.
Being an Organization Viewer means you have read-only access to the entire organization. The only Role that can be assigned to an Organization Viewer within a Project or Environment with Access Control enabled is that of a Viewer.