Create and manage users

You can manage user access to Magento Commerce Cloud projects by assigning users one or more roles. You can add and manage user accounts for the entire project and permissions per available environment.

Adding or updating user account information for a Magento Commerce Cloud environment triggers the build and deploy process automatically, which takes your site offline until the deployment completes. For Production environments, we recommend completing user account management tasks during off-peak hours to prevent service disruptions.

Account owner role

The License Owner is the only user with the Account Owner role. This user can perform any task in any project or environment, including deleting it. The account is associated with the email address, name, and information for the person who registered the Magento Commerce Cloud account through the account creation process.

The account has super user access and additional capabilities for managing all aspects of your project and environments.

Project-level roles

You can assign the following project-level roles to users:

  • The Super user role grants administrator access to all environments. They can change settings and execute actions on any environment, including creating and restoring snapshots.
  • The Project reader role grants view access to all environments in a project. Users with this role cannot execute actions on any environment.

Environment-level roles

A project reader can have one of the following roles per environment:

  • The Admin role grants access to change settings and execute actions on an environment, including merging with the parent environment.
  • The Contributor role grants access to push code to an environment and branch the environment.
  • The Reader role, also referred to as the viewer role grants view-only access to an environment.

Role management best practices

  • We recommend that you limit the project Super user role and environment Admin roles to as few users as possible.

  • When a development team works on a project, the team leader can be the project administrator who decides which roles to assign to team members. For example, the team lead might assign one team member as a Contributor to one environment, assign another as an Admin on a different environment, and assign the Reader role to the customer on the master environment.`

  • Assign the Contributor role to users who require view access to an environment as well as the capability to commit code and branch the environment.

An environment contributor can push code to the environment, but that user role does not have SSH access to the environment. By default, only environment administrators have SSH access. You can change this behavior by updating the access configuration in the .magento.app.yaml file to include ssh: contributor.

Create and manage users

You can create and manage users using the Magento Cloud CLI or the Magento Commerce Cloud Project Web UI.

Manage users with the CLI

You can use the Magento Commerce Cloud command line client to manage users and integrate this with any other automated system.

Available commands:

  • magento-cloud user:add–add a user to the project
  • magento-cloud user:delete–delete a user
  • magento-cloud user:list [users]–list project users
  • magento-cloud user:role–view or change the user role

The following examples show how to add a user and configure the project and environment-level role, and how to how to modify project assignments and assigned user roles.

To add a user and assign roles:

  1. Add the user:

    1
    
    magento-cloud user:add
    
  2. Follow the prompts to specify the user email address, set the project and environment roles, and add the user:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    
    Enter the user's email address: alice@example.com
    
    Email address: alice@example.com
    
    The user's project role can be 'viewer' ('v') or 'admin' ('a').
    Project role [V/a]: a
    The user's environment-level roles can be 'viewer', 'contributor', or 'admin'.
    development environment role [V/c/a]: c
    Summary:
      Email address: alice@example.com
      Project role: contributor
    Adding users can result in additional charges.
    Are you sure you want to add this user? [Y/n]
    Adding the user to the project
    

    This operation triggers the Cloud build and deploy process, which takes your site offline until deployment completes. For Production environments, we recommend completing this operation during off-peak hours to prevent service disruptions.

    After you add the user, Magento sends an email to the specified address with instructions for accessing the Magento Commerce Cloud project.

The following example changes the environment-level role that is assigned to a user:

1
magento-cloud user:role alice@example.com --level environment --environment development --role admin

To list the available magento-cloud CLI commands, use the magento-cloud list command.

Manage users from the Project Web UI

To create user accounts from the Project Web UI:

  1. Log in to your Magento Commerce Cloud account.

  2. Click the Projects tab as the following figure shows.

    Click the projects tab to access your Cloud project

  3. Click the name of your project.

  4. Click the configure project button next to project name in the top navigation bar as the following figure shows.

    Configure the project

  5. In the right pane, click Add Users.

    Start creating users

  6. Click Add User.

    Add users

  7. Enter the user e-mail address.

  8. Select the access for the account:

    • For a project administrator account, select the Super User checkbox. This provides Admin rights for all settings and environments. If not selected, the account has only view options for all project environments.

    • Select permissions per specific environment (or branch) in the Integration environment: No access, Admin (change settings, execute action, merge code), Contributor (push code), or Reader (view only). When you add active environments, you can modify permissions per user.

  9. Click Add User.

    This operation triggers the Cloud build and deploy process, which takes your site offline until deployment completes. For Production environments, we recommend completing this operation during off-peak hours to prevent service disruptions.

The user you add receives an email inviting them to join the Magento Commerce Cloud project with instructions for account registration and email verification.