Access Control
Access control within DeployClear encompasses two entirely separate scopes: Organization Access and Team Access.
1. Organization Access
The /access route is an Organization-level setting. Here, you define who is allowed inside the walls of your DeployClear instance.
- Inviting Users: Click Invite Member, enter their email, and assign an overarching organization role.
- Organization Roles:
- Owner: Full billing and destructive privileges.
- Admin: Can invite users to the organization and manage global integrations.
- Member: Can only see Teams they are explicitly invited to.
When you invite a user, an email is dispatched via Resend. The user clicks the link to join the Organization.
2. Team Access
Once a user is in the Organization, they still cannot see any infrastructure. You must add them to a specific Workspace.
Navigate to a Team, then select Access under the Administration header (or go directly to /team/access).
Here you configure your granular 4-tier Role-Based Access Control (RBAC):
- Owner (Level 4): Total team-level control.
- Admin (Level 3): Can manage Team Access and configure GitHub/State.
- DevOps (Level 2): Can manage Secrets, create Blocks, and Critically: Approve Deployment Requests.
- Member (Level 1): Read-only visibility. Can create Requests, but cannot approve them.
By carefully segmenting users across Teams and limiting DevOps roles to senior engineers, you create a vastly more compliant and error-resistant deployment lifecycle.