Buf Schema Registry (BSR)

Manage members and roles

An organization member is a BSR user who can access your BSR organization's resources. Once designated, they can push to any of the organizations repositories and import them as a dependency. Only members with admin access are allowed to perform any administrative tasks such as base resource roles or adding other members.

Members can be added by owners and admins of the organization. Members are granted the organization's base resource role, which defaults to write, but is configurable by owners and admins.

Add a member

To add a member to an organization, sign in to the Buf Schema Registry, navigate to the organizations Settings page, and then select Add member.

Add member to organization

When adding a member to an organization, there are a few important things to keep in mind:

  • Members must already have an active Buf account.
  • Members can be added by owners and admins of the organization.
  • Members are granted the organization's base resource role, which defaults to write, but is configurable by owners and admins.

Member roles

Every user that is part of an organization has an explicit role. Note that users are unable to modify their own role. If you need to lower your access, have another organization user perform this action, or, leave the organization and request to be re-added with the desired role.

Member

  • Can view the organization and its members.
  • Inherits the base resource roles on existing organization resources (the default is Write).

Writer

  • Can view the organization and its members.
  • Inherits Write roles over existing organization resources, regardless of the organization's base resource roles.

This role is especially useful with CI pipelines. For example, you could set the organization base roles to Read and configure a bot user to push to a BSR repository on merge.

If you're on a Pro or Enterprise plan, see Bot users for specifics related to bot users on your private BSR server.

Admin

Owner

  • Users that require unrestricted access to the organization, its settings, and all resources owned by the organization.
  • Can add and delete resources such as repositories and plugins.
  • Can delete organization. All resources such as repositories and plugins must be deleted before the organization can be deleted.

You can also assign more granular member rights ("Read", "Limited Write", "Write", "Admin") on Buf Schema Registry repositories. For more information see the repository documentation.

Base resource roles

Base roles apply to all members of the organization. The base role can be elevated individually for the organization members, and outside collaborators can be added with an arbitrary role. Every organization has a set of base resource roles that apply to all members of the organization. The default roles:

Repository
Write

Organization owners can modify the base resource roles depending on the requirements of the organization. These roles are configurable on the organization settings page.

Base repository role

  • Read Can read the repository, and import it as a dependency.
  • Limited Write Can write to non-main branches in the repository.
  • Write Can write to the repository, such as by pushing new content or creating tags.
  • Admin Can administer the repository, including managing access, updating settings like its visibility status and deleting the repository.