Skip to main content

Predefined roles

Eligible plans: Enterprise

The PactFlow application comes with the following predefined roles. Each role is assigned a collection of permissions.


The PactFlow tenant user will be assigned the Administrator role. They can then assign the Administrator role to other users.

Default permissions


All new users are assigned the User role (unless the default role has been updated in the system preferences). The User role is intended to work in conjunction with team assignments, and therefore has manage:team permissions (rather than manage:* permissions) for all resources that can be associated with a team. The User role should be assigned to all developers, testers and other users who create and verify contracts on the PactFlow platform.

Default permissions


This is the default role associated with a system account.

Default permissions

Team Administrator

This role is automatically assigned to any user who is an administrator of a specific team. This role may not be edited or deleted and cannot be assigned directly via the user roles APIs or UIs.

Default permissions


Default permissions


A user with the guest role can only view contract related data through the UI and has no API access.

The guest role permissions may not be modified.



A user with the SwaggerHub role can provide an API Token for the SwaggerHub integration. This allows SwaggerHub to verify published pacts against live Swagger docs.

The SwaggerHub role permissions may not be modified.



For the System Account used by the PactFlow SCIM API.

The SCIM role permissions may not be modified.


Test Maintainer (deprecated)

The Test Maintainer role has been replaced by the User role. The difference between the User and Test Maintainer roles is that the User role has team scoped permissions for Webhook and Secret management.

Default permissions

Organization Administrator

A system-assigned role for users to administrator authentication and user access within PactFlow. It has no API or contract data access, and does not consume a paid seat.

The Organization Administrator permissions may not be modified and cannot be assigned to users from within PactFlow.

Default permissions

Resetting permissions for predefined roles

Should you wish to reset the permissions assigned to each of the predefined roles back to their defaults as documented above (or upgrade from the globally scoped User role to the team scoped User role) you can follow these steps. Note that any custom roles will remain unaffected, and user/role assignments are unchanged.

  • Click on the API button at the top right of the PactFlow dashboard.
  • In the Links section, scroll down to the line where the rel column has a value of pf:admin-roles.
  • Click on the green arrow in the GET column with the hover text "Follow link".
  • Scroll up to the top of the page.
  • In the Links section, if you can see the line with a rel of pf:reset, you have the permissions required to reset the roles. If you cannot see this relation, you do not have the required permissions.
  • Click the yellow ! button in the NON-GET column.
  • Click the blue Make Request button. You will see a 200 OK response with the updated roles list.