Roles and permissions#

A number of roles are defined in the product that can be assigned to a user or group. Roles set boundaries on activities that a user or group member can perform.

Roles are assigned to users and groups within the team context. Users or groups are assigned to a team with a specific role. The role assigned to a user is only for the team that the user is a member. A user can be a member of multiple teams and have a different role on each.

The interlocking concept of teams, roles, and permissions ensures that users have the appropriate permissions to perform their work and not affect processes outside of their assigned scope. The interaction of these three concepts provides the mechanisms to create an infrastructure that is secure and flexible.

Note: Until new users are assigned to teams, they are automatically assigned to the Default team in the Viewer and Participant roles. Users in these roles can view objects, such as releases and value streams, but they cannot create or edit them. Additionally, users in these roles can generate user access tokens and access API endpoints with GET requests. Administrators grant users elevated permissions when they assign them to roles such as Lead Developer or Release Manager.

The following tables show the available roles.

Viewer permission Description
Viewer View UI objects such as deployment plans and value streams. Create user access token.
Participant permission Description
Tasks Create, edit, execute, remove task.
Viewer View pipelines.
Developer permission Description
Manage templates Create, edit, and delete templates.
Pipelines Schedule deployment in pipelines.
Stories Create, edit, remove user stories.
Tasks Create, edit, execute, remove task.
Lead developer permission Description
Applications Add, edit, and delete pipeline applications.
Deployment templates Create, edit, and remove deployment templates.
Deployment plans Create, modify, delete, and schedule deployment plans.
Groups Create, modify, delete, and remove team groups.
Pipelines Schedule deployment in pipelines.
Pipeline environment Create, edit, and remove pipelines environments.
Releases Create, modify, delete, and archive releases.
Stories Create, modify, delete, and archive user stories.
Teams Create, modify, delete, and archive members. Assign roles to team members.
Tasks Create, modify, execute, and delete tasks.
Target environment Create, modify, and delete target environments.
Release participant permissions Description
Stories Create, modify, and remove user stories.
Tasks Create, modify, execute, and run tasks.
Release manager permissions Description
Calendar Modify calendar settings. Schedule releases, and run releases and calendar events using pre-defined templates.
Deployment plans Create, edit, and remove plans with templates.
Pipelines Schedule deployment in pipelines.
Releases Create, modify, delete, lock, unlock, and archive releases.
Tasks Create, execute, edit, and remove tasks from deployment plans.
Stories Create, modify, and delete user stories.
Lead release manager permissions Description
Calendar Modify calendar settings. Schedule releases, and run releases and calendar events using pre-defined templates.
Deployment plans Create, edit, and remove plans with or without templates. Approve protected environments.
Deployment plan templates Create, edit, and remove deployment plan templates.
Groups Create, modify, and remove groups.
Pipelines Schedule deployment in pipelines.
Releases Create, modify, delete, lock, unlock, and archive releases.
Stories Create, modify, and remove user stories.
Tasks Create, execute, edit, and remove tasks from deployment plans. Change task target environment.
Teams Create, remove, and edit teams.
Users Create, and modify users, and remove users from teams. Assign roles to users.
Reporting administrator permission Description
Insight data View all insight data.
Team administrator permissions Description
Groups Create, modify, and remove groups.
Teams Create, edit, and remove teams.
Users Create, and modify users, and remove users from teams. Assign roles to users.
Product administrator permissions Description
Groups Create, modify, and remove groups.
Security Modify security settings, manage integrations, manage LDAP and SSO configurations, and define email servers.
Teams Create, edit, and remove members.
Users Create, and modify users, and remove users from teams. Assign roles to users.
Pipeline executor permissions Description
Deployments Run.
Pipelines Schedule deployment in pipelines.
Pipeline designer permissions Description
Applications Add, edit, and delete pipeline applications.
Application environment Create, modify, and delete pipeline environments.
Deployment plans Create, edit, and remove plans with or without templates. Approve protected environments.
Deployment plan templates Create, edit, and remove deployment plan templates.
Pipelines Schedule deployment in pipelines.
Releases Create, modify, and archive releases.
Target environments Change task target environments.
Tasks Create, execute, edit, and remove tasks from deployment plans. Change task target environment.
Release executor permissions Description
Tasks Execute task from deployment plans.

Parent topic: Security