Teams Predefined Roles
Validated on 19 Jun 2018 • Last edited on 18 Mar 2025
Teams come with six predefined roles which cover common use cases for levels of access.
The predefined roles are owner, biller, billing viewer, member, modifier, and resource viewer. Each role has a different set of permissions:
Role | Shared Resources | Billing Information | Team Settings |
---|---|---|---|
Owner | 🟢 Full access | 🟢 Full access | 🟢 Full access |
Biller | 🔴 No access | 🟢 Full access | 🔴 No access |
Billing Viewer | 🔴 No access | 🟡 Limited read only | 🔴 No access |
Member | 🟢 Full access | 🔴 No access | 🟡 Read only |
Modifier | 🟡 Full access except delete | 🔴 No access | 🟡 Read only |
Resource Viewer | 🟡 Read only | 🔴 No access | 🟡 Read only |
Shared resources include DigitalOcean infrastructure components and some team resources:
- All DigitalOcean resources, like Droplets, volumes, and managed databases
- The resources on the Security tab of the Settings page:
- Public SSH keys uploaded to the team
- SSL certificates uploaded to the team
- Security history
- Referral codes
- API-authorized applications
- Support tickets
Billing information includes everything on the Billing page tabs, like payment methods and promos. However, billing viewers cannot view billing settings on the Settings tab.
Team settings includes the settings on the Team tab of the Settings page:
- Team membership
- Team roles
- Team name
- Team contact email
- Secure sign-in
- Droplet limit
Personal access tokens for the API are unique to the people who generated them. The permissions of your team role control the scopes available to your API tokens.