Teams come with six predefined roles which cover common use cases for levels of access.
The predefined roles are owner, biller, billing viewer, member, modifier, and resource viewer. Each role has a different set of permissions:
| Role | Shared Resources | Billing Information | Team Settings |
|---|---|---|---|
| Owner | 🟢 Full access | 🟢 Full access | 🟢 Full access |
| Biller | 🔴 No access | 🟢 Full access | 🔴 No access |
| Billing Viewer | 🔴 No access | 🟡 Limited read only | 🔴 No access |
| Member | 🟢 Full access | 🔴 No access | 🟡 Read only |
| Modifier | 🟡 Full access except delete | 🔴 No access | 🟡 Read only |
| Resource Viewer | 🟡 Read only | 🔴 No access | 🟡 Read only |
Shared resources include DigitalOcean infrastructure components and some team resources:
Billing information includes everything on the Billing page tabs, like payment methods and promos. However, billing viewers cannot view billing settings on the Settings tab.
Team settings includes the settings on the Team tab of the Settings page:
Personal access tokens for the API are unique to the people who generated them. The permissions of your team role control the scopes available to your API tokens.