This reference guide covers how permissions, roles, and access rights work in Renku 2.0.

Project Permissions

Access to a Renku project is determined by 2 things:

1. The project’s visibility (private or public).
2. The project’s membership. This can be determined by being a direct member of the project, or inheriting membership through the project’s namespace (group).

Visibility

Projects on RenkuLab can be public or private:

• Private: The project is accessible only to members of the project. The level of access (whether you can modify the project or only view it) is determined by one’s role on the project.
• Public: The project is visible to everyone on the internet. This means everyone can see the project page and launch sessions. However, only project members can modify the project.

Project Membership

There are 2 types of project membership:

• Direct membership: A person is added directly to the project as a member.
• Inherited membership: A person has access to the project by being a member of the project’s namespace (group). For more details, see Groups and Role Inheritance.

Project Roles

Members of projects can have one of the following roles:

• Owner: Can do everything on the project. This role is automatically assigned to whoever created the project.
• Editor: Can edit most things on the project, but cannot change who can access the project (cannot add members or change the project visibility).
• Viewer: Can see the project and launch sessions. ****