Introduction
This guide explains the minimum permissions required for users who are not workspace owners to lock and unlock workspaces in HCP Terraform.
Prerequisites
- You must have organization permissions to manage teams and workspace access.
Options
You can use one of two methods to allow users to lock or unlock workspaces.
Option 1: Grant Organization-Level Permissions
Grant the user's team the Manage all workspaces permission at the organization level. This approach is straightforward but grants broad permissions over all workspaces within the organization.
Option 2: Grant Workspace-Level Permissions (Minimum Required)
For more granular control, you can assign permissions at the individual workspace level. This is the recommended approach if you need to follow the principle of least privilege.
To assign team access, navigate to the desired workspace and grant the user's team the following two permissions:
Manage Workspace Run TasksLock/unlock workspace
For detailed steps, refer to the guide on Managing Workspace Access Permissions.