Skip to main content

User roles

Organization owners can assign role-based access levels to individual participants and teams in an organization workspace.

tip

You can group members and collaborators into teams and apply a role to that team. Members and collaborators inherit the access role of the team.

Organization user roles

  • Owner: After an organization is created, the user who created the organization is the default owner of that organization. Additional users can be assigned as organization owners. Owners have full read/write access to modify members, teams, collaborators, and settings within an organization.
  • Member: A member is a user who is internal to the organization. Members have an organization role and can operate in one or more organization workspaces. In each workspace, members have a participant role that defines the permissions granted to them within that workspace.

Role inheritance

If a user is concurrently assigned to a workspace as both a named participant and member of a team, Seqera assigns the higher of the two privilege sets.

Example:

  • If the participant role is Launch and the team role is Admin, the user will have Admin rights.
  • If the participant role is Admin and the team role is Launch, the user will have Admin rights.
  • If the participant role is Launch and the team role is Launch, the user will have Launch rights.

As a best practice, use teams as the primary vehicle for assigning rights within a workspace and only add named participants when one-off privilege escalations are necessary.

Workspace participant roles

note

Workspace participants with any role can leave the workspace, i.e., remove themselves as a workspace participant. However, only workspace owners and admins can add or remove workspace participants other than themselves.

Permission / RoleOwnerAdminMaintainLaunchConnectView
Organization: Settings: Add, edit, delete
Organization: Workspaces: Add, delete
Organization: Workspaces: Edit, change visibility
Organization: Members: Add, delete, change role
Organization: Teams: Add, edit, delete
Organization: Teams: Members: Add, remove
Organization: Teams: Workspaces: Add, remove, change role
Organization: Collaborators: Add, edit, delete
Organization: Managed identities: Add, delete
Organization: Managed identities: Edit
Organization: Managed identities: Users: Manage credentials
Workspace: Settings: Studios: Edit session lifespan
Workspace: Settings: Labels & Resource Labels: Add, edit, delete
Workspace: Compute environments: Add, rename, make primary, duplicate, delete
Workspace: Actions: Add, edit, delete
Workspace: Credentials: Add, edit, delete
Workspace: Secrets: Add, edit, delete
Workspace: Participants: Add, remove, change role
Workspace: Pipelines: Launch
Workspace: Pipelines: View
Workspace: Pipelines: Define input/output parameters
Workspace: Pipelines: Modify execution configurations
Workspace: Pipelines: Add, edit, duplicate, delete
Workspace: Pipelines: Modify resource labels
Workspace: Pipelines: Run: Apply labels, relaunch, save as new pipeline
Workspace: Pipelines: Run: Resume, delete, star (favourite)
Workspace: Pipelines: Modify resource labels
Workspace: Datasets: Add, edit
Workspace: Datasets: Delete
Workspace: Data Explorer: Upload, download, preview data
Workspace: Data Explorer: Attach, edit, remove buckets
Workspace: Data Explorer: Hide/unhide buckets
Workspace: Data Explorer: Edit bucket metadata
Workspace: Studios: Add, edit, delete a studio
Workspace: Studios: List/search/view studios
Workspace: Studios: Connect to a running session
Workspace: Studios: Add, edit, delete studio
Workspace: Studios: Edit studio resource labels
Workspace: Studios: Start, stop studio session
Workspace: Studios: Add as new (duplicate studio)
Workspace: Studios: Checkpoints: Edit studio checkpoint name
Workspace: View (read-only) resources