Administrative access

See the Deploy documentation for access to self-hosted services.

If a service is down, check its status page:


If you are a consultant, do not use or create your own organizational accounts on services like Fixer, Prerender, Docker Hub, etc. All organizational accounts must be owned by OCP.

Amazon Web Services

There should be a minimum of two IAM users in the administrators group from OCP only. The root user should not be used.


There should be a minimum of two owners from OCP. Owners do not need to be added to teams.


Use the org:owners task to check the configuration.



There should be a minimum of two Super Admin users from OCP only.


Use Fathom instead.

Cloud Platform


Use Amazon Web Services, unless an application requires access to Google-exclusive services like Google Drive.

There should be a minimum of two Organization Administrator users from OCP only.

Periodically review all projects. To view a project’s history, click its Activity tab. To view a project’s resources, click its Dashboard tab. Projects include:

  • Library (two storage buckets)

  • Pelican (IAM user)

  • Website Search (API key)

If an administrator lacks access to a project, run, for example:

gcloud projects add-iam-policy-binding ocds-172716 --member --role roles/owner

If the user interface lacks access to an organization, run, for example:

gcloud organizations add-iam-policy-binding organizations/1015889055088 --member --role roles/recommender.viewer


All users with access to this folder should belong to OCP only.


There should be a minimum of two Owner members from OCP only.


There should be a minimum of two users with Full account access from OCP.

Third-party managers of Linode servers can be added.


For each package owned by the opencontracting user, there should be a minimum of two Owner users from OCP, including opencontracting.

Only users who are reasonably expected to upload releases should have the Maintainer role.

If a third-party organization maintains a package, there can be one user from that organization with the Owner role to add maintainers (e.g. OpenDataServices).


There should be a minimum of two users with the Maintainer role from OCP.

Third-party maintainers of PyPI packages can be added to the package’s associated ReadTheDocs project, including organizational accounts (e.g. opendataservices).


There should be a minimum of two members with the Owner role and one member with the Billing role from OCP.

Third-party developers can be added with the Admin or Member role to organization-specific teams for specific projects.


There should be a minimum of two Administrators users from OCP only.

If we reach our collaborator limit, manage collaborators, removing those who were last seen more than 9 months ago.