Admin team members can now designate individual environments of a Render project as , which prevents non-Admin members from performing potentially destructive actions within that environment (such as deleting a service or modifying environment variables).

For details, see the docs: https://docs.render.com/projects#protected-access

Bumping this!!! Would be useful especially for database deletions. Feels scary that databases can just be deleted.

I see comments about project based permissions. That would be great, but...

For us, only a limited number of people on the dev team have access to production. Say 3 out of 10. If we were to use environments, we would want to say that only these particular people have access to Production and everyone has access to Staging/QA.

Production Project <- Production Team (3 people)

QA Project <- QA Team (10 people)

As noted, double billed for 3 people. But the real concern is operational...

Company <- Company Team(10 people)

Production Project <- 3 members of Company Team

QA Project <- 10 members of Company Team

would be even better:

Company <- Company Team(10 people)

Application Project <- Assign Company Team

Production Environment <- Assign 3 members of Company Team

QA Environment <- Assign all members of Company Team

Coming from Heroku Shield, this last one is what we had.

And of course, having fine grained roles beyond Amin/Developer would allow us to give the ability for on call support staff to restart production services and view logs but not do anything else like make changes or view data. (Also, what we had with Heroku)

Are there any plans to further extend this feature? I was hoping to also see project-based permissions, such as the ability to choose which users have access to specific projects.

We've released two member roles for Render teams: and .

For teams created before today (12 October 2023), all members have been assigned the role to preserve their capabilities from before this release.

Starting today, the creator of a team is automatically assigned , and any newly invited team members are automatically assigned .

members can set the role for other members from the Team Settings page. For more, see the docs: https://render.com/docs/teams#manage-team-members

This release lays a foundation for the potential future addition of more roles. As such, we will not mark this item as Complete.

+1

I'd add a "Backup Admin" type team member, that can be added, but won't be billed until they login and activate their account.

+1 on this. I would also like to see it tied into the new Projects (https://feedback.render.com/features/p/service-groups-in-the-dashboard) feature to more granularly define who has the ability to manage which services.

Any updates on this feature?

This is crucial for us since we are undergoing compliance reviews for several frameworks (HIPPA, SOC2...).

If you could provide some rough estimation that could be super helpful.

Thank you.