Manage Members

Keystone projects can have any number of members. Each is given a per-project role which defines the environments a member can access.

Identifying members

All Keystone users are identified by a member id, composed as such: <username>@<service-name>, where service-name is the service used to authentify with ks login (currently, that’s either gitlab or github), and username is the username on that service.

For example, if you used your GitHub account to login, and your GitHub username is keystone_user_9, your Keystone member id is keystone_user_9@github.

In doubt, use ks whoami to display your Keystone member id.

Member roles

When adding members to a project with ks member add, you will be asked to assign them a role among four:

  • developer: has read-write access only to the dev environment, they cannot read nor write the others;
  • developer (invite): same as developer but can add and remove developer members;
  • devops: has read-write access to all environments, and can add and remove developer and devops members;
  • admin: has read-write acces to all environments, can add all types of members, can destroy the project.

Add and Remove Members, Setting Roles

Only developer (invite), devops and admin users can add and remove members, or change their role. Moreover, a member cannot add, remove or change the role of a member that “ranks” higher than them.

For example, a developer (invite) member can add, or remove developer members, but cannot add, nor remove a devops member, and so on.


For an exhaustive list of possible command regarding members, see:

Edit this page on GitHub