GroupRole

The access level assigned to a group within an organization.

Every group has exactly one role that determines what its members can do:

ORGANIZATION_ADMIN — Full administrative access across all projects.
ORGANIZATION_VIEWER — Read-only access across all projects.
CUSTOM — Fine-grained, project-level access grants. Use this when you need to give a team access to specific projects without organization-wide permissions.

enum GroupRole {
  ORGANIZATION_ADMIN
  ORGANIZATION_VIEWER
  CUSTOM
}

Values

`GroupRole.ORGANIZATION_ADMIN` {#organization-admin}

Full administrative access to all projects and settings in the organization. Members can manage groups, service accounts, billing, and all infrastructure.

`GroupRole.ORGANIZATION_VIEWER` {#organization-viewer}

Read-only access to all projects in the organization. Members can view infrastructure, deployments, and logs but cannot make changes.

`GroupRole.CUSTOM` {#custom}

Project-level access grants. Members only see projects explicitly assigned to this group, with either project_admin or project_viewer permissions per project.

Member Of

Group object

Values​

GroupRole.ORGANIZATION_ADMIN {#organization-admin}​

GroupRole.ORGANIZATION_VIEWER {#organization-viewer}​

GroupRole.CUSTOM {#custom}​

Member Of​

Values

`GroupRole.ORGANIZATION_ADMIN` {#organization-admin}

`GroupRole.ORGANIZATION_VIEWER` {#organization-viewer}

`GroupRole.CUSTOM` {#custom}

Member Of