Access Control

Learn how to manage permissions and secure access to your Helm charts and repositories.

Roles and Permissions

Owner

Full administrative access to the organization.

  • Manage organization settings
  • Manage billing
  • Manage all repositories
  • Manage teams and members
  • Delete organization

Admin

Administrative access to repositories and teams.

  • Create/delete repositories
  • Manage team members
  • Configure repository settings
  • Manage chart versions

Member

Regular team member access.

  • View assigned repositories
  • Push charts to assigned repos
  • Pull charts from assigned repos
  • View team members

Reader

Read-only access to repositories.

  • View assigned repositories
  • Pull charts from assigned repos
  • View documentation

Common Commands

Add Team Member

Add a user to a team with a specific role

helmbay team add-member frontend-team user@example.com --role member

Grant Repository Access

Give a team access to a repository

helmbay repo grant-access my-repo frontend-team --permission write

List Permissions

View permissions for a repository

helmbay repo list-access my-repo

Revoke Access

Remove access from a team

helmbay repo revoke-access my-repo frontend-team

Examples

Team Structure Example

Common team organization pattern

organization/
  ├── teams/
  │   ├── frontend-team (write access)
  │   ├── backend-team (write access)
  │   └── qa-team (read access)
  └── repositories/
      ├── frontend-charts/
      ├── backend-charts/
      └── shared-charts/

Access Policy Example

YAML configuration for access control

# access-policy.yaml
teams:
  frontend-team:
    repositories:
      - name: frontend-charts
        permission: write
      - name: shared-charts
        permission: read
  backend-team:
    repositories:
      - name: backend-charts
        permission: write
      - name: shared-charts
        permission: read

Best Practices

Role Assignment

  • Follow the principle of least privilege
  • Regularly review access permissions
  • Document role assignments
  • Use groups for similar access patterns
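
One way to support the regular permission review, as an added example rather than Helmbay's own code: it compares a previously reviewed copy of the access-policy.yaml structure with the current one and reports escalations, new grants, and repositories writable by more than one team. The function names, the drifted policy, and the restriction to the read and write values shown on this page are assumptions.

```python
# Added example, not Helmbay code. Dicts mirror what a YAML loader returns for
# access-policy.yaml; function names and the drifted policy are constructed.
import copy

RANK = {"read": 1, "write": 2}  # assumption: only the values shown on this page

def flatten(policy):
    """Return {(team, repo): permission}; reject unknown permission values."""
    grants = {}
    for team, cfg in policy.get("teams", {}).items():
        for entry in cfg.get("repositories", []):
            perm = entry["permission"]
            if perm not in RANK:
                raise ValueError(f"{team}/{entry['name']}: unknown permission {perm!r}")
            grants[(team, entry["name"])] = perm
    return grants

def review(baseline, current):
    """List grants that widened since the last reviewed baseline."""
    old, new = flatten(baseline), flatten(current)
    findings = []
    for key, perm in sorted(new.items()):
        if key not in old:
            findings.append(("new-grant", *key, perm))
        elif RANK[perm] > RANK[old[key]]:
            findings.append(("escalated", *key, perm))
    # Repositories writable by several teams need a documented reason.
    writers = {}
    for (team, repo), perm in new.items():
        if perm == "write":
            writers.setdefault(repo, []).append(team)
    for repo, teams in sorted(writers.items()):
        if len(teams) > 1:
            findings.append(("multi-writer", ",".join(sorted(teams)), repo, "write"))
    return findings

BASELINE = {"teams": {  # the policy from the Access Policy Example
    "frontend-team": {"repositories": [
        {"name": "frontend-charts", "permission": "write"},
        {"name": "shared-charts", "permission": "read"}]},
    "backend-team": {"repositories": [
        {"name": "backend-charts", "permission": "write"},
        {"name": "shared-charts", "permission": "read"}]}}}

CURRENT = copy.deepcopy(BASELINE)  # constructed drift for the demonstration
CURRENT["teams"]["frontend-team"]["repositories"][1]["permission"] = "write"
CURRENT["teams"]["qa-team"] = {"repositories": [{"name": "backend-charts", "permission": "write"}]}

if __name__ == "__main__":
    print(*review(BASELINE, CURRENT), sep="\n")
```

Keeping the reviewed baseline under version control makes each finding traceable to the change that introduced it.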

Security

  • Enable two-factor authentication
  • Rotate access tokens regularly
  • Audit access logs periodically
  • Remove inactive users promptly

Next Steps

Learn how to integrate access control with your CI/CD pipeline.