Roles overview
Every member of your Varo Cloud organization is assigned one of four roles. The table below summarizes what each role can do.| Role | Can Deploy | Can Configure | Can Manage Billing | Can Manage Members |
|---|---|---|---|---|
| Owner | ✅ | ✅ | ✅ | ✅ |
| Admin | ✅ | ✅ | ❌ | ✅ |
| Developer | ✅ | ❌ | ❌ | ❌ |
| Viewer | ❌ | ❌ | ❌ | ❌ |
- Owner — full control over the organization, including billing and ownership transfer. Only one Owner exists per organization.
- Admin — can do everything the Owner can except manage billing and transfer ownership. Suitable for team leads who need full operational control.
- Developer — can trigger and manage deployments but cannot change environment configuration, integrations, or team membership. Suitable for most engineers.
- Viewer — read-only access to dashboards, logs, and metrics. Suitable for stakeholders who need visibility without making changes.
Invite a teammate
Enter the person's email address
Type the email address of the person you want to invite. The address does not need to be associated with an existing Varo Cloud account.
Select a role
Choose the role that matches the access level this person needs: Owner, Admin, Developer, or Viewer. You can change the role later at any time.
Change a member’s role
To update the role of an existing team member, go to Settings → Team, click the member’s name, select Change Role, choose the new role from the dropdown, and click Save. Role changes take effect immediately — the affected member’s session will reflect the new permissions on their next page load.Remove a team member
To remove someone from your organization, go to Settings → Team, click the ••• menu next to the member you want to remove, and select Remove. You will be asked to confirm before the change is applied. When a member is removed:- Their access to the dashboard is revoked immediately
- All API keys associated with their account are invalidated
- Any deployments they triggered remain in the deployment history and are unaffected
Project-level access (Enterprise)
On Enterprise plans, you can define access controls at the project level in addition to the organization-level roles described above. Project-level access lets you, for example, restrict a Developer so they can only deploy to specific projects, or give a Viewer access to one project’s monitoring data without exposing other projects. Project-level permissions are configured from Project → Settings → Access Control and override the organization role for members within that project. Contact your account manager or visit the Enterprise documentation for full details.The organization Owner role cannot be removed by any other team member. If you need to transfer ownership to someone else, go to Settings → Organization → Transfer Ownership. The new owner must be an existing Admin on the account. After the transfer, your role automatically changes to Admin.
