Introduction
This article provides the steps to create a team API token with permissions scoped to a specific project in Terraform Enterprise. This allows for granular control, enabling the token to manage workspaces within a project without granting organization-level permissions.
Expected Outcome
The resulting token will have permissions scoped only to the specified project, allowing it to create and manage workspaces within that project without inheriting broader organization-level permissions.
Prerequisites
- Access to a Terraform Enterprise instance.
- Permissions to manage teams and projects within your organization.
Procedure
-
Navigate to your organization settings and select Teams. You can either choose an existing team or create a new one to associate with the project.
-
For the selected team, ensure the Organization Access for both Projects and Workspaces is set to None. This prevents the team from inheriting broad permissions.
-
Navigate to the Projects section. You can either edit an existing project or create a new one.
-
For the chosen project, click the Edit project button. On the next page, add the team to the project.
-
Customize the team's permissions for the project. In this example, the team is granted permission to create and manage workspaces within this project.
After completing these steps, any API token generated for this team will have its permissions restricted to the actions you defined for this specific project.
Additional Information
- For more details on different types of API tokens, please refer to the API Tokens documentation.