Predefined roles

Eligible plans: Enterprise

The PactFlow On-Premises application comes with the following predefined roles. Each role is assigned a collection of permissions.

Administrator

The PactFlow On-Premises tenant user will be assigned the Administrator role. They can then assign the Administrator role to other users.

Default permissions

User

All new users are assigned the User role (unless the default role has been updated in the system preferences). The User role is intended to work in conjunction with team assignments, and therefore has manage:team permissions (rather than manage:* permissions) for all resources that can be associated with a team. The User role should be assigned to all developers, testers and other users who create and verify contracts on the PactFlow On-Premises platform.

Default permissions

CI/CD

This is the default role associated with a system account.

Default permissions

Team Administrator

This role is automatically assigned to any user who is an administrator of a specific team. This role may not be edited or deleted and cannot be assigned directly via the user roles APIs or UIs.

Default permissions

Read-Only

Note

This is a legacy role (previously called Viewer) and is no longer assigned to new accounts.

Viewer

A user with the Viewer role can only view contract-related data through the UI, but does not have API access.

Viewer role permissions are fixed, and you cannot modify them.

Permissions

SwaggerHub

A user with the SwaggerHub role can provide an API Token for the Swagger Studio On-Prem integration. This allows Swagger Studio On-Prem to verify published pacts against live OpenAPI descriptions.

The SwaggerHub role permissions may not be modified.

Permissions

SCIM

For the System Account used by the PactFlow On-Premises SCIM API.

The SCIM role permissions may not be modified.

Permissions

Test Maintainer (deprecated)

The Test Maintainer role has been replaced by the User role. The difference between the User and Test Maintainer roles is that the User role has team scoped permissions for Webhook and Secret management.

Default permissions

Organization Administrator

A system-assigned role for users to administrator authentication and user access within PactFlow On-Premises. It has no API or contract data access, and does not consume a paid seat.

The Organization Administrator permissions may not be modified and cannot be assigned to users from within PactFlow On-Premises.

Default permissions:

Resetting permissions for predefined roles

Should you wish to reset the permissions assigned to each of the predefined roles back to their defaults as documented above (or upgrade from the globally scoped User role to the team scoped User role) you can follow these steps. Note that any custom roles will remain unaffected, and user/role assignments are unchanged.

  • Click on the API button at the top right of the PactFlow On-Premises dashboard.

  • In the Links section, scroll down to the line where the rel column has a value of pf:admin-roles.

  • Click on the green arrow in the GET column with the hover text "Follow link".

  • Scroll up to the top of the page.

  • In the Links section, if you can see the line with a rel of pf:reset, you have the permissions required to reset the roles. If you cannot see this relation, you do not have the required permissions.

  • Click the yellow ! button in the NON-GET column.

  • Click the blue Make Request button. You will see a 200 OK response with the updated roles list.

In this section:
© 2025
Publication date: