Skip to content

Manage members and roles

An organization member is a BSR user who can access your BSR organization's resources. Once designated, they can push modules to any of the organization's repositories and import them as a dependency.

Add a member

To add a member to an organization, sign in to the Buf Schema Registry, navigate to the organizations Settings page, and then select Add member.

Add member to organization

When adding a member to an organization, keep a few important things in mind:

  • Members must already have an active Buf account.
  • The organization's owners and admins can add members, who then have the organization's base resource role.
  • The base resource role is Write by default, but is configurable by owners and admins.

Member roles

Every user that's part of an organization has an explicit role. Users are unable to modify their own role. If you need to lower your access, have another organization user perform this action or leave the organization and request to be re-added with the desired role.

Member

  • Can view the organization and its members.
  • Inherits the base resource roles on existing organization resources (the default is Write).

Writer

  • Can view the organization and its members.
  • Can add resources such as repositories and plugins.
  • Inherits Write roles over existing organization resources, regardless of the organization's base resource roles.

This role is especially useful with CI pipelines. For example, you could set the organization base roles to Read and configure a bot user to push to a BSR repository on merge.

If you're on a Pro or Enterprise plan, see Bot users for specifics related to bot users on your private BSR instance.

Admin

Owner

  • Users that require unrestricted access to the organization, its settings, and all resources owned by the organization.
  • Can add and delete resources such as repositories and plugins.
  • Can delete organization. You must delete all resources such as repositories and plugins before deleting the organization.

You can also assign more granular member rights ("Read", "Limited Write", "Write", "Admin") on BSR repositories. For more information see the repository documentation.

Base resource roles

Base roles apply to all members of the organization. You can elevate the base role individually for the organization members, and add outside collaborators with an arbitrary role. Every organization has a set of base resource roles that apply to all members of the organization. The default roles:

Repository
Write

Organization owners can modify the base resource roles depending on the requirements of the organization. These roles are configurable on the organization settings page.

Base repository role

  • Read: Can read the repository and import it as a dependency.
  • Limited Write: Can write to non-default labels. Can't write to the default label.
  • Write: Can create and write to repositories, such as by pushing new content or creating labels.
  • Admin: Can administer the repository, including managing access, updating settings like visibility status, and deleting the repository.