Administrative access#

See the Deploy documentation for access to self-hosted services.

If a service is down, check its status page:


If you are a consultant, do not use or create your own organizational accounts on services like Fixer, Prerender, Docker Hub, etc. All organizational accounts must be owned by OCP.

Amazon Web Services#

There should be a minimum of two IAM users in the administrators group from OCP only. The root user should not be used.


There should be a minimum of two owners from OCP. Owners do not need to be added to teams.


Use the org:owners task to check the configuration.



There should be a minimum of two Super Admin users from OCP only.

Less secure apps is set to “Allow users to manage their access to less secure apps” for the domain, and Allow less secure apps is set to “ON” for the user, so that Redmine can fetch mail.


Use Fathom instead.

Cloud Platform#


Use Amazon Web Services, unless an application requires access to Google-exclusive services like Google Drive.

There should be a minimum of two Organization Administrator users from OCP only.

Periodically review all projects. To view a project’s history, click its Activity tab. To view a project’s resources, click its Dashboard tab. Projects include:

  • Library (two storage buckets)

  • Pelican (IAM user)

  • Website Search (API key)

If an administrator lacks access to a project, run, for example:

gcloud projects add-iam-policy-binding ocds-172716 --member --role roles/owner

If the user interface lacks access to an organization, run, for example:

gcloud organizations add-iam-policy-binding organizations/1015889055088 --member --role roles/recommender.viewer


All users with access to this folder should belong to OCP only.


There should be a minimum of two Owner members from OCP only.


For each package owned by the opencontracting user, there should be a minimum of two Owner users from OCP, including opencontracting.

Only users who are reasonably expected to upload releases should have the Maintainer role.

If a third-party organization maintains a package, there can be one user from that organization with the Owner role to add maintainers (e.g. OpenDataServices).


There should be a minimum of two users with the Maintainer role from OCP.

Third-party maintainers of PyPI packages can be added to the package’s associated ReadTheDocs project, including organizational accounts (e.g. opendataservices).


There should be a minimum of two members with the Owner role and one member with the Billing role from OCP.

Third-party developers can be added with the Admin or Member role to organization-specific teams for specific projects.


There should be a minimum of two Administrators users from OCP only.

If we reach our collaborator limit, manage collaborators, removing those who were last seen more than 9 months ago.