Documentation Index
Fetch the complete documentation index at: https://cloud.laravel.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
Introduction
Laravel Cloud uses role-based access control (RBAC) to manage what each member of your organization can do. Every member is assigned a role, and that role determines which actions they can perform — from deploying environments to managing billing. As your team grows, RBAC helps you give everyone the right level of access without exposing sensitive settings or destructive actions.Plan availability
Laravel Cloud offers two tiers of RBAC, and the tier available to your organization depends on your plan:| Starter | Growth | Business & Enterprise | |
|---|---|---|---|
| Basic RBAC | |||
| Team roles | Admin, Developer | All team roles | All team roles |
| Advanced RBAC | |||
| Custom roles | — | — | |
| Application and environment-level access | — | — | |
| Restricted role | — | — |
Team roles
Laravel Cloud ships with a set of predefined team roles designed to cover the most common team structures. These roles cannot be modified, but each one has a carefully chosen set of permissions.Admin
Full access to everything in the organization, including member management, billing, integrations, and all resources. Every organization has at least one Admin.Manager
Broad operational access for day-to-day work. Managers can do nearly everything an Admin can, except delete the organization or edit billing settings.Developer
Build and operate applications, environments, databases, caches, and other resources. Developers cannot manage organization settings such as members, invitations, integrations, API tokens, or billing.Finance
Focused access for billing and usage visibility. Finance users can edit billing settings and view usage data, but don’t have access to technical resources or organization management.Viewer
Read-only access across the organization. Viewers can see applications, environments, instances, databases, caches, object storage, WebSocket servers, edge networks, private connections, logs, metrics, and usage. Viewers cannot create, edit, or delete anything, and cannot view environment variables or resource credentials.Restricted
Restricted members have no access by default and must be granted explicit access to individual applications or environments. This is useful for contractors, auditors, or teammates who should only see a specific slice of your organization. The Restricted role is available with Advanced RBAC on the Business and Enterprise plans, and is intended to be paired with application and environment-level access. Restricted members also inherit access to preview environments based on the scope they’re granted.Permissions
Each role is made up of individual permissions that control specific actions, such as creating a database, viewing environment variables, or managing domains. Permissions are organized into eight groups that match the sections of Laravel Cloud:| Group | Controls |
|---|---|
| Organization | Organization settings, members, invitations, roles, billing, integrations, API tokens, notifications, and usage |
| Applications | Creating, editing, and deleting applications, application notifications, and automations |
| Environments | Creating and managing environments, instances, domains, environment variables, deploy hooks, commands, logs, metrics, and deployments |
| Databases | Creating, editing, and deleting database clusters, databases, snapshots, credentials, and restores |
| Caches | Creating, editing, and deleting caches and cache credentials |
| Object storage | Creating, editing, and deleting buckets, objects, credentials, and access keys |
| WebSockets | Creating, editing, and deleting WebSocket clusters and applications |
| Network | Viewing edge networks, managing network rules, and managing private connections |
Custom roles
Custom roles are available with Advanced RBAC on the Business and Enterprise plans.
- Create a new role with a name, description, and selected permissions
- Edit an existing custom role’s name, description, or permissions
- Delete a custom role, provided no members are currently assigned to it
Application and environment-level access
Application and environment-level access is available with Advanced RBAC on the Business and Enterprise plans.
- Application-level — the member has access to every environment within the selected applications.
- Environment-level — the member has access only to the specific environments you choose, even if the parent application has other environments.
Preview environments
Preview environments are created automatically from a parent environment when a pull request is opened, so access to them is inherited from the access you’ve already granted:- Members with application-level access automatically have access to every preview environment created within that application.
- Members with environment-level access automatically have access to any preview environments replicated from the environments they’ve been granted access to.
Managing organization members and roles
Admins can manage members and assign roles from Settings > Members in the organization dashboard. From this page you can:- Invite new members and assign them a role
- Change an existing member’s role
- Remove members from the organization
- Revoke pending invitations