Roles
Roles
allow you to control who has access to sensitive team-level operations, including managing
users and creating/updating tasks and runbooks.To assign team roles, users should be added to Groups, and groups can then be
assigned roles. You can assign different roles for each environment from the group settings page.

Users who aren't in any groups with roles can still run tasks that are configured with "Team
access", or for which they are granted access explicitly.
Team roles
Team roles
Some roles are not associated with a specific environment. They can be assigned to a group when
All
is selected in the environment dropdown.Team admin
Team admin
Team admins can perform sensitive configuration changes and have full access to tasks, runs,
runbooks, and sessions, as well as any settings that affect the entire team (such as inviting new
members or controlling the allowed login methods). You should generally limit admins to team members
who need to manage and configure the entire team's access to Airplane.
By default, Airplane teams come with an Admins group that is assigned the
Team admin
role. The
first person in your team to join will be added to Admins.User manager
User manager
User managers can manage groups and invite new members, and are able to set permissions in the UI.
However, they are generally restricted from developing on Airplane. Assign this role to members that
take a purely administrative role within Airplane.
Environment-specific roles
Environment-specific roles
The Developer and Restricted developer roles apply to the specific environment they're assigned to.
This allows different levels of access for each environment.
Developer
Developer
Developers have full access to tasks, runs, runbooks, and sessions. You should generally limit
developers to team members who are developing tasks or runbooks (e.g. engineers on your team).
Restricted developer
Restricted developer
Restricted developers have similar access to developers, but cannot create or update tasks or
runbooks. The restricted developer role is useful when tasks in a given environment are fully
configured in code, since it limits direct task updates.