HCP Waypoint permissions
This topic provides reference information about user permissions for HCP Waypoint. Permissions are role-based access controls (RBAC) inherited from the HCP organization or HCP project. Refer to the global user permissions reference for additional information about HCP RBAC.
| HCP Waypoint permission | Viewer | Contributor | Admin |
|---|---|---|---|
| Manage HCP Waypoint settings | ❌ | ❌ | ✅ |
| Create, edit, and delete templates | ❌ | ❌ | ✅ |
| View templates | ✅ | ✅ | ✅ |
| Create and delete applications | ❌ | ✅ | ✅ |
| View applications | ✅ | ✅ | ✅ |
| Create, edit, and delete add-ons | ❌ | ❌ | ✅ |
| Install and uninstall application add-ons | ❌ | ✅ | ✅ |
| View an installed add-on's outputs | ✅ | ✅ | ✅ |
| Create, edit, and delete actions | ❌ | ❌ | ✅ |
| Assign and unassign actions | ❌ | ❌ | ✅ |
| Run actions | ❌ | ✅ | ✅ |
| View action run details | ✅ | ✅ | ✅ |
| Create, edit, and delete agent groups | ❌ | ❌ | ✅ |
| View agent groups | ✅ | ✅ | ✅ |
Assign roles to users
Refer to the users page to learn how to invite users and assign roles.
The service principals page describes how to create a service principal.
HCP Terraform token permissions
HCP Waypoint requires you to provide an HCP Terraform API token. We recommend that you create a team and team token in HCP Terraform specifically for HCP Waypoint. The HCP Terraform team should only have access to HCP Terraform projects you intend to deploy to. HCP Waypoint requires that the HCP Terraform API token has the following project team permissions:
| Type | Permission |
|---|---|
| Project access | - Read - Create workspaces - Delete workspaces |
| Team management | None |
| Run access | Apply |
| Variable access | Read and write |
| State access | Read outputs only |