We’ve reimagined Spacelift’s authorization model with Advanced Access Control (AAC) — fine-grained, role-based permissions that go beyond the old read/write/admin boundaries.

Now, you can break traditional roles into individual, composable actions and create custom roles that match your exact organizational needs. Every role starts with a Read baseline, and you add only the permissions you want — precision without complexity.

With this release, you can:

• Control stack operations:

  • Create, delete, and manage environment variables.

  • Lock/unlock stacks.

• Control run actions:

  • Confirm, apply, or discard plans.

  • Trigger runs and tasks.

  • Review changes, proposed & tracked runs.

• Attach roles to API Keys and IdP Groups.

• Manage Contexts and Worker Pools with team-specific privileges.

Advanced Access Control mirrors your org structure, making it easy to:

• Accelerate compliance without slowing deployments.

• Delegate confidently to the right teams.

• Reduce bottlenecks in permission management.

• Streamline onboarding with reusable, self-documenting roles.

As always, we’d love your feedback, especially as we expand AAC to more resources in future releases.