We run a nonprofit and have lots of seasonal volunteers that may need access to several non-production projects. Giving them team-wide access would be way too much visibility and adding them per-project would make offboarding a pain. Using something like RBAC would solve these problems and allow us to create roles for specific access while using team members instead of project members. We'd love to see this!

hi, i can't answer you question, but you might be able to answer mine … i am a project manager with a railway account. I have connected it to github and want to give my devs full access to it - it seems you have mentioned a way to do that above? can you point me in the right direction?
tia

+1 for this. The environment switch on Railway is super handy and a great feature but it doesn't make sense that every team member or any Project member can potentially mess up production environment.

Please just add "People management" to Environment instead/additional to a Project 🙏

1+ for this. we run some projects in our company that isnt good for everyone to have access (for example our main database)
for now we're forced to use project members which means we've several projects to isolate simple service from everyone else

What level of granularity would you like to have? E.g. "able to access environment variables," "able to view logs", etc.

What level of granularity would you like to have? E.g. "able to access environment variables," "able to view logs", etc.

it's a good start, for my use case a service granularity of some sort would be the best as described above but I could remove the access of environment variables for my team if needed.

Access
Per project
Per service

+1 as well. I'd specifically like to have a role for a junior dev or ops person without access to the production DB (which has lots of sensitive data), but has the ability to create deployments, see logs etc.

For me personally, I want to invite my QA and only give access to "Observability" and possibly "Logs" tabs in each service and have him check these periodically

+1 one on this. would be nice to at least configure this via API