Permissions Reference
Permissions are granted to teams, which are then assigned to members and service accounts. A member's effective permissions are the union of all their teams' permissions.
Organisation permissions
These permissions apply at the organisation level, regardless of which repositories are selected on the team.
| Permission | What it allows |
|---|---|
| Manage organisation | Manage organisation settings such as authentication and custom domains, and delete the organisation. |
| Manage subscription | Change subscription plan and update payment details. |
| View teams, members and service accounts | View all teams, members, service accounts, and access tokens within the organisation. |
| Manage teams, members and service accounts | Full control over teams, members, service accounts, and their access tokens. This permission cannot be added to a custom team - use the Organisation Administrators team to grant it. |
| View events | View package transfer and audit events for the organisation and all repositories. |
| Add repositories | Create new repositories in the organisation. Automatically grants view access to all repositories. |
Repository permissions
These permissions apply at the repository level. If a team has Selected Repositories configured, the permissions only apply to those repositories.
| Permission | What it allows |
|---|---|
| View packages | Search, browse, and download packages. Automatically granted for any repository selected on the team. |
| Manage packages | Upload, replace, and delete packages. |
| Change repository settings | Modify repository settings and manage upstreams, integrations, and release triggers. |
| Remove repositories | Delete repositories the member has access to, along with all their packages. |
Common permission setups
Read-only access to a single repository
Create a team, choose Selected Repositories, select the repository, and grant only View packages. Do not check any other permissions.
CI/CD service account
Create a service account, add it to a team with Manage packages on the repositories it needs to push to. Grant no organisation-level permissions.
Developer with full access
Add the member to the Everyone team (or a custom team) with View packages and Manage packages on all repositories.