Roles and permissions#

A number of roles are defined in the product that can be assigned to a user or group. Roles set boundaries on activities that a user or group member can perform.

Roles are assigned to users and groups within the team context. Users or groups are assigned to a team with a specific role. The role assigned to a user is only for the team that the user is a member. A user can be a member of multiple teams and have a different role on each.

The interlocking concept of teams, roles, and permissions ensures that users have the appropriate permissions to perform their work and not affect processes outside of their assigned scope. The interaction of these three concepts provides the mechanisms to create an infrastructure that is secure and flexible.

Note: Until new users are assigned to teams, they are automatically assigned to the Default team in the Viewer and Participant roles. Users in these roles can view objects, such as releases and value streams, but they cannot create or edit them. Additionally, users in these roles can generate user access tokens and access API endpoints with GET requests. Administrators grant users elevated permissions when they assign them to roles such as Lead Developer or Release Manager.

The following tables show the available roles.

Viewer permission Description
Viewer View UI objects such as deployment plans and value streams. Create user access token.
Participant permission Description
Viewer View pipelines
Tasks Create, edit, execute, remove
Developer permission Description
Manage templates Create templates, edit templates, and delete templates
Pipelines Schedule
Tasks Create, edit, execute, remove
Stories Create, edit, remove
Lead developer permission Description
Pipelines Create pipelines
Applications Add, edit, and delete pipeline applications
Environments Create, edit, and remove pipelines environments
Deployment templates Create, edit, and remove
Deployment plans Create, modify, delete, and schedule deployment plans
Tasks Create, modify, execute, and delete tasks
Environments Create, modify, and delete target environments
Releases Create, modify, delete, and archive releases.
Stories Create, modify, delete, and archive stories.
Team members Create, modify, delete, and archive members.
Security Assign roles
Teams Create, modify, delete, and archive members.
Groups Create, and modify teams.
Release participant permissions Description
Tasks Create, modify, execute, and run tasks.
Stories Create, modify, and remove stories.
Release manager permissions Description
Deployment plans Create, edit, and remove plans with templates.
Pipelines Schedule deployments.
Tasks Create, execute, edit, and remove tasks from deployment plans.
Releases Create, modify, delete, lock, unlock, and archive releases.
Stories Create, modify, and delete user stories.
Calendar Modify calendar settings. Schedule releases, and run releases and calendar events using pre-defined templates.
Lead release manager permissions Description
Deployment plans Create, edit, and remove plans with or without templates. Approve protected environments.
Deployment plan templates Create, edit, and remove plan templates.
Pipelines Schedule deployments.
Tasks Create, execute, edit, and remove tasks from deployment plans. Change task target environment.
Releases Create, modify, delete, lock, unlock, and archive releases.
Teams Create, remove, and edit teams.
Users Create, and modify users, and remove users from teams. Assign users to roles.
Groups Create, modify, and remove groups.
Stories Create, modify, and remove user stories.
Calendar Modify calendar settings.
Team administrator permissions Description
Users Create, and modify users, and remove users from teams. Assign users to roles.
Teams Create, remove, and edit teams.
Groups Create, modify, and remove groups.
Product administrator permissions Description
Users Create, and modify users, and remove users from teams. Assign users to roles.
Teams Create, remove, and edit teams.
Groups Create, modify, and remove groups.
Security Modify security settings, manage integrations, manage LDAP and SSO configurations, and define email servers.
Pipeline executor permissions Description
Deployments Run
Pipelines For existing pipelines run deployments, schedule deployments, and join releases.
Pipeline designer permissions Description
Pipelines Edit

Parent topic: Security