Groups & Roles

Enterprise
Premium

Groups and roles can be manually assigned in Coder. For production deployments, these can also be managed and synced by the identity provider.

Groups

Groups are logical segmentations of users in Coder and can be used to control which templates developers can use. For example:

  • Users within the devops group can access the AWS-VM template
  • Users within the data-science group can access the Jupyter-Kubernetes template

Roles

Roles determine which actions users can take within the platform.

Auditor, User Admin, Template Admin, Owner
Add and remove Users
Manage groups (enterprise) (premium)
Change User roles
Manage ALL Templates
View ALL Workspaces
Update and delete ALL Workspaces
Run external provisioners
Execute and use ALL Workspaces
View all user operation Audit Logs

A user may have one or more roles. All users have an implicit Member role that may use personal workspaces.

Security notes

A malicious Template Admin could write a template that executes commands on the host (or the Coder server container), potentially escalating their privileges or shutting down the Coder server. To avoid this, run external provisioners.

In low-trust environments, we do not recommend giving users direct access to edit templates. Instead, use CI/CD pipelines to update templates with proper security scans and code reviews in place.
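One check such a pipeline could run before a template change is merged, as an added example (not Coder's own tooling): Coder templates are Terraform, so the script flags Terraform constructs that start a process on the machine running Terraform and fails the build until a reviewer has looked at them. The rule set, function names and sample template are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Terraform constructs that start a process on the machine running Terraform,
# which for a Coder template is the provisioner host. Assumption: a starting
# rule set for review, not a complete policy.
RULES = {
    "local-exec provisioner": re.compile(r'^\s*provisioner\s+"local-exec"'),
    "external data source": re.compile(r'^\s*data\s+"external"\s+"'),
}

# Constructed sample template, used only to exercise the scanner.
SAMPLE = '''\
resource "null_resource" "setup" {
  provisioner "local-exec" {
    command = "echo constructed-sample"
  }
}
# data "external" "disabled" {}
data "external" "lookup" {
  program = ["python3", "lookup.py"]
}
'''

def scan_text(text, name="<inline>"):
    """Return (file, line_number, rule) for every flagged line."""
    # Block comments and heredocs are not parsed, so a match inside one is
    # still reported: the gate fails safe and a reviewer dismisses it.
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append((name, number, rule))
    return findings

def scan_tree(root):
    """Scan every *.tf file under root; the CI entry point."""
    findings = []
    for path in sorted(Path(root).rglob("*.tf")):
        findings += scan_text(path.read_text(encoding="utf-8"), str(path))
    return findings

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, number, rule in hits:
        print(f"{name}:{number}: {rule} runs on the provisioner host; needs review")
    sys.exit(1 if hits else 0)
```

A non-zero exit status blocks the merge; pair it with required code review so that any accepted exception is approved by someone other than the template author.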
