Organizations and roles
How Bilbis groups people. Organizations hold members and resources; roles control what each member can do.
Short answer
An organization is a group of people who share Bilbis settings, products, repositories, credentials, and pipelines. Each member of an organization has a role that decides what they can change. The UI sometimes labels the same idea "workspace" - same thing.
Most users belong to exactly one organization. Some belong to several - for example, a contractor working with multiple clients.
How it works
When someone registers, Bilbis creates a new organization with that user as the owner. The owner can then invite others. Each invitation specifies a role.
Resources live inside an organization. Pipelines, products, repositories, credentials, members, and audit logs all belong to one organization. Switching organizations moves you to a different set of all of those.
Roles
Bilbis has four roles, listed from most to least power.
| Role | Can do |
|---|---|
| Owner | Everything. Manage billing, transfer ownership, delete the organization. |
| Admin | Everything except billing-account-level changes and transferring ownership. Adds and removes members, manages credentials, creates products, runs pipelines. |
| Developer | Run pipelines, view all surfaces, save templates. Can't change credentials, members, or organization settings. |
| Viewer | Read-only. Can see the dashboard, pipelines, MRs, analytics, and audit log; cannot dispatch pipelines or change anything. |
A small extra role exists at the platform level - platform admin - used by Bilbis operators across all organizations. It doesn't appear in the regular organization membership. See Platform admin.
Required MFA
| Role | MFA |
|---|---|
| Owner | Required at first sign-in. |
| Admin | Required at first sign-in. |
| Platform admin | Required at first sign-in. |
| Developer | Optional - voluntary enroll in Settings → Security. |
| Viewer | Optional - same. |
See Multi-factor authentication.
Membership in multiple organizations
You can belong to several organizations. The Workspace switcher in the sidebar moves you between them. URLs include the organization slug (e.g. bilbis/<slug>/dashboard) so each tab can be on a different organization.
Each membership has its own role. You might be owner in one organization and viewer in another.
What happens when you're removed
If you're removed from an organization, it disappears from your switcher and you lose access to all of its resources. Pipelines you previously dispatched still exist for the remaining members; the audit log records who created them.
If your account is deactivated (different from removed), it stays in the database but you can't sign in. An admin can reactivate it later.
Where you see it in Bilbis
- Workspace picker (
/orgs) - every organization you belong to. - Workspace switcher in the sidebar - switch between organizations without going through the picker.
- Members - admin surface to invite, role-change, and remove members.
- Settings → Profile - your role appears next to each membership.
Permissions cheat sheet
| Action | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| Read everything in the organization | Yes | Yes | Yes | Yes |
| Run a pipeline | Yes | Yes | Yes | No |
| Manage credentials, products, members | Yes | Yes | No | No |
| Manage billing | Yes | No | No | No |
| Delete the organization, transfer ownership | Yes | No | No | No |
Related pages
- Organizations and roles - full field reference, including the role-switching flow.
- Members - invite, role-change, deactivate, remove.
- Groups - sub-grouping members and products inside an organization.
- Switch organizations - Workspace picker and switcher.
- Multi-factor authentication - required for admin/owner roles.
- Invitations - how new members join.