As always, when you ask for things, we listen. We are happy to announce that you can now assign the Space Admin role to users for non-root spaces! Non-root Space Admins can now view all roles, users, API keys, IdP group mappings (read-only), and manage role bindings within their assigned administered spaces. Previously, these capabilities were limited to Root Space Admins only. This is a big step forward to help better enable multi-tenancy administration inside the Spacelift platform. <img data-width="100%" data-align="left" alt="" data-featurebase-content-key="6697afd8db026456df4b91e0/changelog/691b3029e21b57e5b940e8d9/019a923d-bb7a-7851-a53c-da66b459a451/b64u-aW1hZ2UucG5n.png" src="https://6697afd8db026456df4b91e0.featurebase-attachments.com/c/changelog/691b3029e21b57e5b940e8d9/019a923d-bb7a-7851-a53c-da66b459a451/b64u-aW1hZ2UucG5n.png?X-Amz-Expires=3600&amp;X-Amz-Date=20260208T090000Z&amp;X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=DO801TYC4FCVNNEKURKM%2F20260208%2Ffra1%2Fs3%2Faws4_request&amp;X-Amz-SignedHeaders=host&amp;X-Amz-Signature=075cdf29f23c4feabd4e1bf993606632856f63a01bba0d4850aace041b94cb42" data-featurebase-content-filename="image.png">Root Space Admins (Space Admin role on the root space) have account-wide privileges including:<ul><li>All Space Admin permissions across all spaces</li><li>SSO setup, VCS configuration, audit trail management</li><li>Invite/revoke users and create/modify/delete roles</li><li>Create/modify/delete API keys and IdP group mappings</li><li>Manage role bindings across all spaces</li></ul>Non-root Space Admins (Space Admin role on any non-root space) have limited privileges:<ul><li>Space Admin permissions only within the spaces they administer</li><li>Can view all roles, users, API keys, and IdP group mappings</li><li>Can manage role bindings only for the spaces they administer</li><li>Cannot invite/revoke users, create/modify/delete roles, or create/modify/delete API keys and IdP group mappings</li></ul>For more information on the Space Admin role, check out the documentation <a target="" rel="noopener noreferrer nofollow" class="link" href="https://docs.spacelift.io/concepts/authorization/rbac-system#space-admin">here</a>!

Introducing Space Admin role for Non-Root Spaces!

Help Center

Security

Improvement

Announcement

spacelift

👀 In Review

➡️ Planned

⚙️ In Progress

✅ Completed

❌ Rejected

⬆️ Gathering votes

🗑️ Archived

🔭 Discovery

Access Control

Ansible

Blueprints

CloudFormation

Contexts

UI/UX

Integrations

Stacks

Workers

IaC Workflows

Spaces

Policies

Resources

Filters

Spacectl

Pulumi

Kubernetes

Dashboard

Terraform registry

Terragrunt

Stack Dependencies

Logs

Drift Detection

Spacelift Provider

Notifications

OpenTofu

Helm

OIDC

Observability

Self-hosted

👨‍💻Solutions Eng Requests

👩🏻‍💻Support Requests

Feature Requests Roadmap

Got an idea for a feature request? Let us know! Share your ideas on improving existing features or suggest something new. Vote on ideas you find useful!Make sure to read our <a target="" rel="noopener noreferrer nofollow" class="link" href="https://docs.spacelift.io/product/feature-requests">guidelines</a> before posting 📖

Feature Requests

Hey {name|there}! 👋