Project Permissions

Get up to speed with Doppler's project permissions model.

Doppler has three levels of project-based access: Viewer, Collaborator, and Admin.

The workplace permissions model dictates that users with an Owner or Admin role will always have full access to every project (and environment), while users with a role of Collaborator must be granted access on a per-project (and per-environment) basis.


Role based access requires an upgraded subscription

Role based access is available with our Team and Enterprise plans. View our plans or book a demo for more details.

Collaborators can perform actions that affect the configs they have access to. For example, they can manage secrets, trusted IPs, and service tokens. Collaborators cannot rename or delete configs - renames can break services that fetch secrets via API.


Users with Owner or Admin workplace level permissions will always have Admin level project access.

The power of Doppler's project permissions model is that a user's access can be restricted at the workplace level while giving them Admin access on a project level.

This flexible and streamlined model is great for workplace security as it enables the number of workplace users with Owner or Admin access to be reduced as much as possible but without impacting project administration tasks such as adding and configuring integrations.

Granting Access

By User

You can add or modify the projects a Collaborator user has from their user page in the Team area of the dashboard. To do that, click on the user in the Users list. If the user hasn't been added to any projects, you'll see an option to add projects.

Clicking that button will open up a drawer listing all projects and will give you the option to add them to whichever projects you want. It will also let you configure what role they'll have on the project and which configs they'll have access to.

Once you've added project permissions, you'll be able to view them from that page and modify them by clicking the Edit link (or by clicking the ellipsis menu to the right of a project in the list).

By Project

Go to a project, then click the Members button.


Members can be filtered by user or group name or email. Click on their entry in the results and then click Add to add them to the project.


Once they've been added, you can select their role and which environments they can access.


Updating Access

You can alter the role and environments a user can access by checking the appropriate boxes in the Member Access area.


Removing Access

If you would like to remove a user's access to a project, click the Remove button. Removing a user will immediately revoke access to that project in both the dashboard and API.