Skip to main content
Last Reviewed: February 16, 2023

Teams

Learn how to use teams for change management.


Teams allow you to define the users who will have access to a workspace or site.

Workspace Teams vs Site Dashboard Teams

There are two places a team can be defined: on a Professional Workspace, or in the Site Dashboard.

  • Professional Workspace team members have access to all sites in that Workspace, and any sites that have that Workspace assigned as a Supporting Workspace.

  • Site Team members only have access to that site.

Roles and Permissions

These tables detail the actions each role can execute on each Dashboard.

In some Workspaces, you may notice the "User in Charge" label applied to a user. This helps distinguish who created a site for Enterprise and EDU workspaces where members are allowed to spin up new Sandbox sites at will. However, in these workspaces, the "User in Charge" cannot adjust the site service level — e.g. to take a site live. Because this may affect the overall bill for the workspace, only workspace admins are allowed to change service levels.

If you are an administrator for a Pantheon workspace, contact support to have the User in Charge changed.

Workspace Level Permissions

PermissionsAdministratorTeam MemberDeveloperUnprivileged
Create sites within an org
Work in Dev environments
Access to Multidev environments
Create or delete Multidev environments
Create or view support tickets
Access and manage Autopilot
Access the workspace
Access the Workspace
Change site upstream
Deploy to Test and Live
Invite new team members
Manage user roles
Delete sites or remove users from an org
Manage a site's plan
Create or manage Custom Upstreams

Site Level Permissions

PermissionsOrg Admin / Owner
Team MemberDeveloper
Access the site Dashboard
Work in Dev environments
Change site upstream
Deploy from Custom Upstreams
Add/Manage Custom Domains
Deploy to Test and Live
Upload files to Test and Live
Access SFTP download logs on Test and Live
Clear cache on Test and Live
Manage user roles
Delete sites or remove users from a site
Add a Supporting Workspace
Manage a site's plan Org admin or Owner
Enable Pantheon Search

Manage Teams

Add a User

When a team member is added to a Workspace:

  • That Workspace will be accessible from the Workspace Switcher
  • The role they are given applies to all sites in that Workspace
  1. Go to the workspace, select the Team tab, and click Add User.

  2. Click Invite Team Member.

  3. Enter the email address of the new user, select a role, then click Send Invite.

An email confirmation is sent to the user. Users with an existing Pantheon account are immediately added to the workspace. Users without existing accounts must first click the confirmation link in the email to create their account.

Change a User's Role

  1. Go to the workspace and select the Team tab.

  2. Find and select the team member(s) whose role you want to change.

  3. Click Actions, and choose Change Role.

  4. Select the new role, then click Save Changes.

Export Users

While you can view a workspace's users using the Dashboard, there may be times when you need to generate a list of users, or view a list of all users associated with the Workspace and all of its sites.

To export a list of users:

  1. Go to the workspace and select the Team tab.

  2. In the upper right corner of the page, click Export Members.

  3. Select one of the following options:

    • All workspace and site members: exports all workspace members, site-only collaborators, and supporting workspaces.
    • Only workspace members: exports only the members defined in this workspace.
  4. Click Export CSV to generate your report. You will receive an email when the report is complete and ready for download.

    Warning:
    Warning

    The link in the email is only good for 24 hours. If you don't download the file within 24 hours, you must request another export.

    • You can only download the file using the link in the email.
    • Only the user who requested the file can download it. If you share this link with other users, they will not be able to download the report.
    • To share the report, download the file and share the file.

The exported CSV file will contain the following information:

  • isWorkspaceMember: Indicates if the user is part of the workspace team.

  • IsSiteMember: Indicates if the user is part of a site's team.

  • SiteUID: If IsSiteMember is set to true, the entry contains the UID of the site the user is a team member of.

  • Site Type: Indicates if this is a CMS or Front-end site.

  • Site Name: Name of the site.

  • First Name: User's first name.

  • Last Name: User's last name.

  • Email Address: User's email address.

  • UserUID: User's UID.

  • Role: If SiteUID is empty, the entry contains the user's role in the workspace. If SiteUID is not empty, the entry contains the user's role in the site.

The following fields only appear if you select All Workspace and site members when creating the export:

  • Supporting Workspace name: The name of the supporting workspace (if applicable).

  • Supporting Workspace UID: The UID of the supporting workspace (if applicable).

Remove a User

When a person with access to your site(s) on the platform leaves the company or project, it is important to immediately remove them from the team so that they no longer have access to make changes to your site.

Info:
Note

All users can be removed except the site owner.

To remove a user:

  1. Go to the workspace and select the Team tab.

  2. Find and select the team member(s) you wish to remove.

  3. Select Actions, then Remove.

  4. Select Yes, I am sure I want to remove this person, then click Yes, Remove.

  5. Enterprise customers with the Administrator role will instead be provided additional options to remove the user's access from associated sites. You will need to select one of the following and then click Remove Access:

    • Everything: removes a member from all workspaces and associated sites.

    • Workspace Only: removes a member from this workspace only. Associated sites will not be impacted.

      Alt text

After a user leaves, in addition to the steps above, we recommend you:

  • Delete or block the user's account in Drupal or WordPress.
  • Change any shared account passwords the user may have had access to.
  • Review the Git history in the commit log to see if the site team member made code changes after leaving. Refer to recommendations from Drupal and WordPress.

Add a Supporting Workspace to Site

Supporting Workspaces are Professional Workspaces that contain team members only. These workspaces can then be added to individual sites to allow those team members access to work on that site.

Workspace Administrators, Users in Charge, or Site Owners can add a Supporting Workspace.

  1. Go to the Site Dashboard for the site, then click Team.

  2. Under Supporting Workspace, enter the workspace's name in the search box, and click Search. The workspace name must match exactly.

  3. Select a role, then click Add. All members of the Supporting Workspace receive the role assigned on the site, regardless of their role in the Supporting Workspace.

    Site with two Supporting Workspaces

Remove a Supporting Workspace from a Site

  1. Go to the Site Dashboard with the Supporting Workspace you wish to remove.

  2. Click Team.

  3. Click the x to the right of the Supporting Workspace you wish to remove.

  4. Enterprise customers with the Administrator role will instead be provided additional options to remove the user's access from associated sites and will need to select one of the following:

    • This site: removes the workspace from this site only.

    • All sites workspace has access to: removes the workspace from all sites it's currently associated with.

      Alt text

  5. Click Yes, remove access. The Supporting Workspace is removed based on the selection you made.

FAQ

Can I restrict access to a specific site with the Developer role?

Only sites owned by Enterprise and EDU+ can assign the developer role to specific users. Partner workspaces cannot specify which members have access to specific sites.

Which role should I assign a user to give them the lowest level of access?

At the site level, the Developer role has the least amount of permissions and can create sites, view the Workspace, and deploy to the Development and Multidev environments. At the Professional Workspace level, the Unprivileged role has the least amount of permissions and can only create sites.

Which environments can a user with the Developer role deploy to?

The Developer role can only deploy to Development and Multidev environments. If a user needs to deploy to Live, you can promote a Developer to Team Member for a single site by adding the user to the site's team.

Who can add users to workspaces?

Enterprise Administrators can add site Team Members or Supporting Workspaces to sites owned by the workspace, with the Developer or workspace Team Member roles. Partner workspaces can assign users the role of an Administrator, Team Member, or Developer at the workspace level.

How do I recover an account after a site owner leaves?

Refer to the steps in our Site Access doc for recovery instructions.