Access Roles
Vercel distinguishes between different roles to help manage team members' access levels and permissions. These roles are categorized into two groups: team level and project level roles. Team level roles are applicable to the entire team, affecting all projects within that team. Project level roles are confined to individual projects.
The two groups are further divided into specific roles, each with its own set of permissions and responsibilities. These roles are designed to provide a balance between autonomy and security, ensuring that team members have the access they need to perform their tasks while maintaining the integrity of the team and its resources.
- Team level roles: Users who have access to all projects within a team
- Project level roles: Users who have restricted access at the project level. Only contributors can have configurable project roles
Team level roles are available on Enterprise and Pro plans.
Team level roles are designed to provide a broad level of control and access to the team as a whole. These roles are assigned to individuals and apply to all projects within the team, ensuring centralized control and access while upholding the team's security and integrity.
| Role | Description |
|---|---|
| Owner | Have the highest level of control. They can manage, modify, and oversee the team's settings, all projects, team members and roles. |
| Member | Have full control over projects and most team settings, but cannot invite or manage users by default. |
| Developer | Can deploy to projects and manage environment settings but lacks the comprehensive team oversight that an owner or member possesses. |
| Security | Can manage security features, IP blocking, firewall. Cannot create deployments by default. |
| Billing | Primarily responsible for the team's financial management and oversight. The billing role also gets read-only access to every project. |
| Pro Viewer | Has limited read-only access to projects and deployments, ideal for stakeholder collaboration |
| Enterprise Viewer | Has read-only access to the team's resources and projects. |
| Contributor | A unique role that can be configured to have any of the project level roles or none. If a contributor has no assigned project role, they won't be able to access that specific project. Only contributors can have configurable project roles. |
See the Team Level Roles Reference for a complete list of roles and their permissions.
The owner role is available on Enterprise and Pro plans.
| About | Details |
|---|---|
| Description | The owner role is the highest level of authority within a team, possessing comprehensive access and control over all team and project settings. |
| Key Responsibilities | - Oversee and manage all team resources and projects - Modify team settings, including billing and member roles - Grant or revoke access to team projects and determine project-specific roles for members - Access and modify all projects, including their settings and deployments |
| Access and Permissions | Owners have unrestricted access to all team functionalities, can modify all settings, and change other members' roles. Team owners inherently act as project administrators for every project within the team, ensuring that they can manage individual projects' settings and deployments. |
Teams can have more than one owner. For continuity, we recommend that at least two individuals have owner permissions. Additional owners can be added without any impact on existing ownership. Keep in mind that role changes, including assignment and revocation of team member roles, are an exclusive capability of those with the owner role.
See the Team Level Roles Reference for a complete list of roles and their permissions.
The member role is available on Enterprise and Pro plans.
Members play a pivotal role in team operations and project management.
Key responsibilities
- Create deployments and manage projects
- Set up integrations and manage project-specific domains
- Handle deploy hooks and adjust Vercel Function settings
- Administer security settings for their assigned projects
Access and permissions
Certain team-level settings remain exclusive to owners. Members cannot edit critical team settings like billing information or invite new users to the team, this keeps a clear boundary between the responsibilities of members and owners.
| About | Details |
|---|---|
| Description | Members play a pivotal role in team operations and project management. |
| Key Responsibilities | - Create deployments and manage projects - Set up integrations and manage project-specific domains - Handle deploy hooks and adjust Serverless Function settings - Administer security settings for their assigned projects |
| Access and Permissions | Certain team-level settings remain exclusive to owners. Members cannot edit critical team settings like billing information or invite new users to the team, keeping a clear boundary between the responsibilities of members and owners. |
To assign the member role to a team member, refer to our Adding team members and assigning roles documentation.
See the Team Level Roles Reference for a complete list of roles and their permissions.
The developer role is available on Enterprise plans
| About | Details |
|---|---|
| Description | Central to the team's operational functionality, developers ensure a balance between project autonomy and the safeguarding of essential settings. |
| Key Responsibilities | - Create deployments and manage projects - Control environment variables, particularly for preview and development environments - Manage project domains - Create a production build by committing to the main branch of a project. Developers can also create preview branches and preview deployments by committing to any branch other than main |
| Access and Permissions | While developers have significant access to project functionalities, they are restricted from altering production environment variables and team-specific settings. They cannot invite new team members. Only contributors can be assigned project level roles; developers cannot. Developers can deploy to production by merging to the production branch in Git-based workflows. |
Central to the team's operational functionality, developers ensure a balance between project autonomy and the safeguarding of essential settings.
Key responsibilities
- Create deployments and manage projects
- Control environment variables, particularly for preview and development environments
- Manage project domains
- Create a production build by committing to the
mainbranch of a project. Note that developers can create preview branches and preview deployments by committing to any branch other thanmain
Access and permissions
While Developers have significant access to project functionalities, they are restricted from altering production environment variables and team-specific settings. They are also unable to invite new team members. Note that the capability to become a project administrator is reserved for the contributor role. Those with the developer role cannot be assigned project level roles.
Developers can deploy to production through merging to the production branch for Git projects.
Additional information
To assign the developer role to a team member, refer to our Adding team members and assigning roles documentation.
See the Team Level Roles Reference for a complete list of roles and their permissions.
The contributor role is available on Enterprise plans
Contributors offer flexibility in access control at the project level. To limit team members' access at the project level, they must first be assigned the contributor role. Only after being assigned the contributor role can they receive project-level roles. Contributors have no access to projects unless explicitly assigned.
Contributors may have project-specific role assignments, with the potential for comprehensive control over assigned projects only.
Key responsibilities
- Typically assigned to specific projects based on expertise and needs
- Initiate deployments - Depending on their assigned project role
- Manage domains and set up integrations for projects if they have the project administrator role assigned
- Adjust Vercel functions and oversee deploy hooks
Access and permissions
Contributors can be assigned to specific projects and have the same permissions as project administrators, project developers, or project viewers. They can also be assigned no project role, which means they won't be able to access that specific project.
| About | Details |
|---|---|
| Description | Contributors offer flexibility in access control at the project level. To limit team members' access at the project level, they must first be assigned the contributor role. Only after being assigned the contributor role can they receive project-level roles. - Contributors have no access to projects unless explicitly assigned. - Contributors may have project-specific role assignments, with the potential for comprehensive control over assigned projects only. |
| Key Responsibilities | - Typically assigned to specific projects based on expertise and needs - Initiate deployments — Depending on their assigned project role - Manage domains and set up integrations for projects if they have the project administrator role assigned - Adjust Serverless Functions and oversee deploy hooks |
| Access and Permissions | Contributors can be assigned to specific projects and have the same permissions as project administrators, project developers, or project viewers. They can also be assigned no project role, which means they won't be able to access that specific project. See the Project level roles section for more information on project roles. |
To assign the contributor role to a team member, refer to our Adding team members and assigning roles documentation.
See the Team Level Roles Reference for a complete list of roles and their permissions.
The security role is available on Enterprise plans
| About | Details |
|---|---|
| Description | Inspect and manage Vercel security features. |
| Key Responsibilities | - Manage Firewall - Rate Limiting - Deployment Protection |
| Access and Permissions | The security role is designed to provide focused access to security features and settings. This role also has read-only access to all projects within the team. |
This role does not offer deployment permissions by default.
See the Team Level Roles Reference for a complete list of roles and their permissions.
The billing role is available on Enterprise and Pro plans.
| About | Details |
|---|---|
| Description | Specialized for financial operations, the billing role oversees financial operations and team resources management. |
| Key Responsibilities | - Oversee and manage the team's billing information - Review and manage team and project costs - Handle the team's payment methods |
| Access and Permissions | The billing role is designed to provide financial oversight and management, with access to the team's billing information and payment methods. This role also has read-only access to all projects within the team. |
The billing role can be assigned at no extra cost. For Pro teams, it's limited to one member while for Enterprise teams, it can be assigned to multiple members.
To assign the billing role to a team member, refer to our Adding team members and assigning roles documentation.
Compatible permission group: UsageViewer.
See the Team Level Roles Reference for a complete list of roles and their permissions.
The Pro Viewer role is available on Pro plans
An observational role designed for Pro teams, Pro Viewer members can monitor team activities and collaborate on projects with limited administrative visibility.
Key responsibilities
- Monitor and inspect all team projects and deployments
- Collaborate on preview deployments with commenting and feedback capabilities
- Review project-level performance data and analytics
Access and permissions
Pro Viewer members have read-only access to core project functionality but cannot view sensitive team data. They are restricted from:
- Viewing observability and log data
- Accessing team settings and configurations
- Viewing detailed usage data and billing information
Pro Viewer members cannot make changes to any settings or configurations.
Additional information
Pro Viewer seats are provided free of charge on Pro teams, making them ideal for stakeholders who need project visibility without full administrative access.
To assign the Pro Viewer role to a team member, refer to the adding team members and assigning roles documentation.
See the Team Level Roles Reference for a complete list of roles and their permissions.
The viewer role is available on Enterprise plans
| About | Details |
|---|---|
| Description | An observational role, viewers are informed on team activities without direct intervention. |
| Key Responsibilities | - Monitor and inspect all team projects - Review shared team resources - Observe team settings and configurations |
| Access and Permissions | Viewers have broad viewing privileges but are restricted from making changes. |
The Enterprise Viewer role is available on Enterprise plans
An observational role with enhanced visibility for Enterprise teams, Enterprise Viewer members have comprehensive read-only access to team activities and operational data.
Key responsibilities
- Monitor and inspect all team projects and deployments
- Collaborate on preview deployments with commenting and feedback capabilities
- Review project-level performance data and analytics
- Access observability and log data for troubleshooting and monitoring
- View team settings and configurations for governance and compliance
- Monitor usage data and resource consumption patterns
Access and permissions
Enterprise Viewer members have comprehensive read-only access across the team, including sensitive operational data that Pro viewers cannot access. This enhanced visibility supports Enterprise governance and compliance requirements.
Enterprise Viewer members cannot make changes to any settings or configurations but have visibility into all team operations.
Additional information
The enhanced access provided by Enterprise Viewer roles makes them ideal for compliance officers, auditors, and senior stakeholders who need full operational visibility.
To assign the Enterprise Viewer role to a team member, refer to the adding team members and assigning roles documentation.
Compatible permission group: UsageViewer.
See the Team Level Roles Reference for a complete list of roles and their permissions.
Project level roles are available on Enterprise plans
Project level roles provide fine-grained control and access to specific projects within a team. These roles are assigned to individuals and are restricted to the projects they're assigned to, allowing for precise access control while preserving the overarching security and integrity of the team.
| Role | Description |
|---|---|
| Project Administrator | Team owners and members inherently act as project administrators for every project. Project administrators can create production deployments, manage all project settings, and manage production environment variables. |
| Project Developer | Can deploy to the project and manage its environment settings. Team developers inherently act as project developers. |
| Project Viewer | Has read-only access to a specific project. Both team billing and viewer members automatically act as project viewers for every project. |
See the Project Level Roles Reference for a complete list of roles and their permissions.
The project administrator role is available on Enterprise plans
| About | Details |
|---|---|
| Description | Project administrators hold significant authority at the project level, operating as the project-level counterparts to team members and owners. |
| Key Responsibilities | - Govern project settings - Deploy to all environments - Manage all environment variables and oversee domains |
| Access and Permissions | Their authority doesn't extend across all projects within the team. Project administrators are restricted to the projects they're assigned to. |
To assign the project administrator role to a team member, refer to our Assigning project roles documentation.
See the Project Level Roles Reference for a complete list of roles and their permissions.
The project developer role is available on Enterprise plans
| About | Details |
|---|---|
| Description | Project developers play a key role in working on projects, mirroring the functions of team developers, but with a narrowed project focus. |
| Key Responsibilities | - Initiate deployments - Manage environment variables for development and preview environments - Handle project domains |
| Access and Permissions | Project developers have limited scope, with access restricted to only the projects they're assigned to. |
To assign the project developer role to a team member, refer to our Assigning project roles documentation.
See the Project Level Roles Reference for a complete list of roles and their permissions.
The project viewer role is available on Enterprise plans
| About | Details |
|---|---|
| Description | Adopting an observational role within the project scope, they ensure transparency and understanding across projects. |
| Key Responsibilities | - View and inspect all deployments - Review project settings - Examine environment variables across all environments and view project domains |
| Access and Permissions | They have a broad view but can't actively make changes. |
To assign the project viewer role to a team member, refer to our Assigning project roles documentation.
See the Project Level Roles Reference for a complete list of roles and their permissions.
Existing team roles can be combined with permission groups to create custom access configurations based on your team's specific needs. This allows for more granular control over what different team members can do within the Vercel platform. The table below outlines key permissions that can be assigned to customize roles.
| Permission | Description | Compatible Roles | Already Included in |
|---|---|---|---|
| Create Project | Allows the user to create a new project. | Developer, Contributor | Owner, Member |
| Full Production Deployment | Deploy to production from CLI, rollback and promote any deployment. | Developer, Contributor | Owner, Member |
| Usage Viewer | Read-only usage team-wide including prices and invoices. | Developer, Security, Billing, Viewer | Owner |
| Environment Manager | Create and manage project environments. | Developer | Owner |
| Environment Variable Manager | Create and manage environment variables. | Developer | Owner, Member |
| Deployment Protection Manager | Configure password protection, deployment protection by pass, and Vercel Authentication for projects. | Developer | Owner, Member |
See permission groups for a complete list of roles, their permissions, and how they can be combined.
Was this helpful?