Roles and permissions
A number of roles are defined in the product that can be assigned to a user or group. Roles set boundaries on activities that a user or group member can perform.
Roles are assigned to users and groups within the team context. Users or groups are assigned to a team with a specific role. The role assigned to a user is only for the team that the user is a member. A user can be a member of multiple teams and have a different role on each.
The interlocking concept of teams, roles, and permissions ensures that users have the appropriate permissions to perform their work and not affect processes outside of their assigned scope. The interaction of these three concepts provides the mechanisms to create an infrastructure that is secure and flexible.
Note: Until new users are assigned to teams, they are automatically assigned to the Default team in the Viewer and Participant roles. Users in these roles can view objects, such as releases and value streams, but they cannot create or edit them. Additionally, users in these roles can generate user access tokens and access API endpoints with GET requests. Administrators grant users elevated permissions when they assign them to roles such as Lead Developer or Release Manager.
The following tables show the available roles.
Viewer permission |
Description |
Viewer |
View UI objects such as deployment plans and value streams. Create user access token. |
Participant permission |
Description |
Tasks |
Create, edit, execute, remove task. |
Viewer |
View pipelines. |
Developer permission |
Description |
Manage templates |
Create, edit, and delete templates. |
Pipelines |
Schedule deployment in pipelines. |
Stories |
Create, edit, remove user stories. |
Tasks |
Create, edit, execute, remove task. |
Lead developer permission |
Description |
Applications |
Add, edit, and delete pipeline applications. |
Deployment templates |
Create, edit, and remove deployment templates. |
Deployment plans |
Create, modify, delete, and schedule deployment plans. |
Groups |
Create, modify, delete, and remove team groups. |
Pipelines |
Schedule deployment in pipelines. |
Pipeline environment |
Create, edit, and remove pipelines environments. |
Releases |
Create, modify, delete, and archive releases. |
Stories |
Create, modify, delete, and archive user stories. |
Teams |
Create, modify, delete, and archive members. Assign roles to team members. |
Tasks |
Create, modify, execute, and delete tasks. |
Target environment |
Create, modify, and delete target environments. |
Release participant permissions |
Description |
Stories |
Create, modify, and remove user stories. |
Tasks |
Create, modify, execute, and run tasks. |
Release manager permissions |
Description |
Calendar |
Modify calendar settings. Schedule releases, and run releases and calendar events using pre-defined templates. |
Deployment plans |
Create, edit, and remove plans with templates. |
Pipelines |
Schedule deployment in pipelines. |
Releases |
Create, modify, delete, lock, unlock, and archive releases. |
Tasks |
Create, execute, edit, and remove tasks from deployment plans. |
Stories |
Create, modify, and delete user stories. |
Lead release manager permissions |
Description |
Calendar |
Modify calendar settings. Schedule releases, and run releases and calendar events using pre-defined templates. |
Deployment plans |
Create, edit, and remove plans with or without templates. Approve protected environments. |
Deployment plan templates |
Create, edit, and remove deployment plan templates. |
Groups |
Create, modify, and remove groups. |
Pipelines |
Schedule deployment in pipelines. |
Releases |
Create, modify, delete, lock, unlock, and archive releases. |
Stories |
Create, modify, and remove user stories. |
Tasks |
Create, execute, edit, and remove tasks from deployment plans. Change task target environment. |
Teams |
Create, remove, and edit teams. |
Users |
Create, and modify users, and remove users from teams. Assign roles to users. |
Reporting administrator permission |
Description |
Insight data |
View all insight data. |
Team administrator permissions |
Description |
Groups |
Create, modify, and remove groups. |
Teams |
Create, edit, and remove teams. |
Users |
Create, and modify users, and remove users from teams. Assign roles to users. |
Product administrator permissions |
Description |
Groups |
Create, modify, and remove groups. |
Security |
Modify security settings, manage integrations, manage LDAP and SSO configurations, and define email servers. |
Teams |
Create, edit, and remove members. |
Users |
Create, and modify users, and remove users from teams. Assign roles to users. |
Pipeline executor permissions |
Description |
Deployments |
Run. |
Pipelines |
Schedule deployment in pipelines. |
Pipeline designer permissions |
Description |
Applications |
Add, edit, and delete pipeline applications. |
Application environment |
Create, modify, and delete pipeline environments. |
Deployment plans |
Create, edit, and remove plans with or without templates. Approve protected environments. |
Deployment plan templates |
Create, edit, and remove deployment plan templates. |
Pipelines |
Schedule deployment in pipelines. |
Releases |
Create, modify, and archive releases. |
Target environments |
Change task target environments. |
Tasks |
Create, execute, edit, and remove tasks from deployment plans. Change task target environment. |
Release executor permissions |
Description |
Tasks |
Execute task from deployment plans. |
Parent topic: Security