Managing apps and users with fine-grained access controls

In February, we announced Heroku Enterprise, with collaboration and management capabilities for building and running your app portfolio in a governable and secure way on Heroku. We also introduced fine-grained access controls with app privileges as a beta feature. Today, we are pleased to announce general availability of this feature: Heroku Enterprise accounts are now automatically enabled for fine-grained access controls. We're very happy to deliver this feature that many of our largest customers have requested.

"Enterprises need greater visibility around applications and scalability, and Heroku Enterprise adds those features to the core Heroku value proposition," said Matthew Francis, Director Platform & Mobility, PwC. "Over the years, I've worked on many highly complex enterprise Salesforce projects. I'm excited to have Heroku Enterprise available to me for my next one."

Managing access to apps

When you have several developers working on different apps in your company, you often need to carefully manage the level of access each person has on each app. Sometimes this is because you want to guard and monitor changes to your production apps, while enabling wider collaboration on other apps. Or, you may have both third-party developers and your own employees working on apps, and you want precise control over which apps each has access to. Also, you may want to manage the kinds of resources that different users have access to, such as dynos, configuration or add-ons.

In a Heroku Enterprise organization, you can use roles and app privileges to manage access at different levels of granularity.

Roles. Each user is assigned one of two organization roles -- member or admin. Members can see all the apps in the organization and by default have read-only access to them. Admins are able to add new members to the organization, manage access to applications, configure org-wide settings including billing, and view resource usage across apps in the organization.

App privileges. With fine-grained access controls, we introduced privileges that you can apply to each member and non-org user on a per-app basis. Each privilege represents a set of permissions that enables certain actions, specifically on apps. We designed these privileges with an eye towards the different actions that various users, including developers and administrators, typically need to take as they create, build, run and maintain apps. Each user can be granted any combination of privileges on an app; this gives you more control over the full set of actions that they can perform on each app.

"Heroku Enterprise's Fine Grained Access Controls have given our administrators deeper control over our applications, while broadening collaboration across our globally distributed development teams." -- Leela Parvathaneni, Sr Manager, Doctor Portal, Align Technology

Customizing access to apps

Org members and non-org collaborators can be granted any combination of the following privileges on an app:

  • View: See basic app information and access details
  • Deploy: Full access to its code, configuration and free add-ons
  • Operate: Work with configuration and other operational aspects of the app
  • Manage: Manage access to the app and its lifecycle

Privileges are independently assigned (or revoked) and do not automatically include other privileges. The App Privileges and Allowed Actions reference in the Dev Center lists all actions that each privilege enables.


Enabling a user with different capabilities on different apps

Beyond the default read-only access that all members get, members and app collaborators can be granted different privileges on apps based on the maturity, criticality and security posture of those apps. For example, a developer may be granted just the deploy and operate privileges on the staging version of an app, but only the view privilege on the production app. That same developer may be granted deploy and operate privileges on a different, but less business-critical, production app.

The Managing Organization Users and Application Access Dev Center article provides more details on how you can set up varying kinds of access for users on different apps.

Delegating administration

When members create or transfer in apps, they are automatically granted all privileges on those apps. They can independently manage access to the app by selectively granting other members selected privileges. Members with the manage privilege on an app can also grant manage privileges to other members, thereby delegating or sharing accountability for that app.

Organization admins automatically get all privileges on all apps. While they can also grant app-specific privileges on any app, they are not a bottleneck for access to apps. This way, access can be managed autonomously, improving productivity and accountability while not sacrificing centralized visibility.
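The rules described in the sections above (four independent privileges, members' default read-only access, admins holding every privilege, app creators getting all privileges, and delegation requiring the manage privilege) can be captured in a small authorization model. The following Python is an added illustration, not Heroku's implementation; the organization, app and user names are constructed, and the mapping of individual actions to privileges (documented in the Dev Center reference) is deliberately left out.

```python
from dataclasses import dataclass, field

# The four app privileges from the post; none implies another.
PRIVILEGES = frozenset({"view", "deploy", "operate", "manage"})


class AccessDenied(Exception):
    """Raised when the acting user lacks the privilege an action needs."""


@dataclass
class Organization:
    admins: set = field(default_factory=set)
    members: set = field(default_factory=set)
    # app name -> user -> privileges explicitly granted on that app.
    # Non-org collaborators appear here too; they get nothing by default.
    grants: dict = field(default_factory=dict)

    def create_app(self, app, creator):
        """A member creating (or transferring in) an app gets every privilege on it."""
        self.grants[app] = {creator: set(PRIVILEGES)}

    def privileges(self, app, user):
        """Effective privileges: admins hold all; members always have at least view."""
        if user in self.admins:
            return set(PRIVILEGES)
        held = set(self.grants.get(app, {}).get(user, ()))
        if user in self.members:
            held.add("view")  # default read-only access for every org member
        return held

    def grant(self, app, actor, target, privs):
        """Only a user holding manage on this app may grant privileges on it."""
        privs = set(privs)
        if not privs <= PRIVILEGES:
            raise ValueError(f"unknown privilege(s): {privs - PRIVILEGES}")
        if "manage" not in self.privileges(app, actor):
            raise AccessDenied(f"{actor} cannot manage access to {app}")
        self.grants.setdefault(app, {}).setdefault(target, set()).update(privs)

    def revoke(self, app, actor, target, privs):
        """Revoking one privilege leaves the others untouched (they are independent)."""
        if "manage" not in self.privileges(app, actor):
            raise AccessDenied(f"{actor} cannot manage access to {app}")
        self.grants.get(app, {}).get(target, set()).difference_update(privs)


def staging_vs_production():
    """Constructed scenario: deploy+operate on staging, view only on production."""
    org = Organization(admins={"alice"}, members={"alice", "bob", "carol"})
    org.create_app("shop-staging", "alice")
    org.create_app("shop-prod", "alice")
    org.grant("shop-staging", "alice", "bob", {"deploy", "operate"})
    return org
```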

Greater visibility towards better governance

In addition to visibility into the usage and operational aspects of their applications, organizations need to continuously ensure that they are compliant with their policies and security standards. On Heroku, administrators and application owners can quickly see who has access to an app. In the dashboard, they can also see exactly which privileges each user has on the app. They can quickly manage access to that app by adding or removing specific privileges without impacting access to other apps.

Visibility into access

What’s next

Fine-grained access controls are now enabled by default on all new Heroku Enterprise accounts and will be rolled out to all existing Heroku Enterprise accounts in the next couple of weeks. We are also working on new constructs and features that enable different development flows while keeping access management intuitive and efficient. We look forward to your feedback; email us at
