Skip to content

Commit f7bccbd

Browse files
danielrsdanielrs
committed
feat: add "Workers Platform (Read-only)" role
The role should provide read-only access to most Workers Platform products: https://www.cloudflare.com/developer-platform/products/ These include: - Workers - Pages - Durabe Objects - KV - R2 - etc
1 parent 31a1024 commit f7bccbd

File tree

1 file changed

+6
-5
lines changed
  • src/content/docs/fundamentals/setup/manage-members

1 file changed

+6
-5
lines changed

src/content/docs/fundamentals/setup/manage-members/roles.mdx

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ Account-scoped roles apply across an entire Cloudflare account, and through all
2323
| API Gateway | Grants full access to [API Gateway (including API Shield)](/api-shield/) for all domains in an account. |
2424
| API Gateway Read | Grants read access to [API Gateway (including API Shield)](/api-shield/) for all domains in an account. |
2525
| Audit Logs Viewer | Can view [Audit Logs](/fundamentals/setup/account/account-security/review-audit-logs/). |
26-
| Bot Management (Account-wide) | Can edit [Bot Management](/bots/plans/bm-subscription/) (including [Super Bot Fight Mode](/bots/get-started/super-bot-fight-mode/)) configurations for all domains in account. |
26+
| Bot Management (Account-wide) | Can edit [Bot Management](/bots/plans/bm-subscription/) (including [Super Bot Fight Mode](/bots/get-started/super-bot-fight-mode/)) configurations for all domains in account. |
2727
| Billing | Can edit the account's [billing profile](/fundamentals/subscriptions-and-billing/create-billing-profile/) and subscriptions |
2828
| Cloudflare Access | Can edit [Cloudflare Access](/cloudflare-one/policies/access/) and [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/). |
2929
| Cache Purge | Can purge the edge cache and allows the reading of zone settings. |
@@ -60,9 +60,9 @@ Account-scoped roles apply across an entire Cloudflare account, and through all
6060
| Hyperdrive Read | Grants read access to [Hyperdrive](/hyperdrive/) database configuration. |
6161
| Hyperdrive Admin | Grants write access to [Hyperdrive](/hyperdrive/) database configuration. |
6262
| SSL/TLS, Caching, Performance, Page Rules, and Customization | Can edit most Cloudflare settings except for [DNS](/dns/) and [Firewall](/waf/). |
63-
| Secrets Store Admin | Can create, edit, duplicate, delete, and view secrets metadata. Can also [add a Secrets Store binding to a Worker](/secrets-store/integrations/workers/). |
64-
| Secrets Store Deployer | Can view secrets metadata but cannot create, edit, duplicate, nor delete secrets. Can also [add a Secrets Store binding to a Worker](/secrets-store/integrations/workers/). |
65-
| Secrets Store Reporter | Can view secrets metadata. Cannot perform any actions (create, edit, duplicate, delete secrets), nor add a Secrets Store binding to a Worker. |
63+
| Secrets Store Admin | Can create, edit, duplicate, delete, and view secrets metadata. Can also [add a Secrets Store binding to a Worker](/secrets-store/integrations/workers/). |
64+
| Secrets Store Deployer | Can view secrets metadata but cannot create, edit, duplicate, nor delete secrets. Can also [add a Secrets Store binding to a Worker](/secrets-store/integrations/workers/). |
65+
| Secrets Store Reporter | Can view secrets metadata. Cannot perform any actions (create, edit, duplicate, delete secrets), nor add a Secrets Store binding to a Worker. |
6666
| Security Center Brand Protection | Can access the Brand Protection feature on the API and Cloudflare dashboard. Brand Protection role also gives you access to the Investigate platform. |
6767
| Security Center Cloudforce One Admin | Grants write access to [Cloudforce One](/security-center/cloudforce-one/). |
6868
| Security Center Cloudforce One Read | Grants read access to [Cloudforce One](/security-center/cloudforce-one/), and cannot create and/or edit RFIs or PIRs. |
@@ -73,6 +73,7 @@ Account-scoped roles apply across an entire Cloudflare account, and through all
7373
| Vectorize Read only | Can read [Vectorize](/vectorize/) configurations. |
7474
| Waiting Room Admin | Can edit [Waiting Room](/waiting-room/) configuration. |
7575
| Waiting Room Read | Can read [Waiting Room](/waiting-room/) configuration. |
76+
| Workers Platform (Read-only) | Grants read-only access to all products typically used as part of Cloudflare's Developer Platform, including [Workers](/workers/), [Pages](/pages/), [Durable Objects](/durable-objects/), [KV](/kv/), [R2](/r2/), Zones, [Zone Analytics](/analytics/account-and-zone-analytics/zone-analytics/) and [Page Rules](/rules/). Cloudflare may add additional read-only permissions to this role as new products are introduced. |
7677
| Zaraz Admin | Can edit and publish [Zaraz](/zaraz/) configuration. |
7778
| Zaraz Edit | Can edit [Zaraz](/zaraz/) configuration. |
7879
| Zaraz Read | Can read [Zaraz](/zaraz/) configuration. |
@@ -97,4 +98,4 @@ Domain-scoped roles apply for a given domain within an account.
9798
| Domain Waiting Room Admin | Can edit [waiting rooms](/waiting-room/) configuration. |
9899
| Domain Waiting Room Read | Can read [waiting rooms](/waiting-room/) configuration. |
99100
| Zone Versioning | Grants full access to [Zone Versioning](/version-management/). |
100-
| Zone Versioning Read | Grants read-only access to [Zone Versioning](/version-management/). |
101+
| Zone Versioning Read | Grants read-only access to [Zone Versioning](/version-management/). |

0 commit comments

Comments
 (0)