Predefined roles and permissions
This version of documentation is no longer updated. For the latest information, see the following links:
- Continuous Delivery (CD) documentation
- Support Cycle-2 (SC-2) documentation
The permissions and predefined roles that are available depend on the services that are installed. When you add a user or group, you must specify the role that they have.
Jump to the appropriate section for more information:
What permissions do I have?
You can see what permissions you have from your profile. Your permissions are determined by the roles that are assigned to you.
To see what roles are assigned to you:
- Click your avatar in the toolbar.
- Click Profile and settings.
- Open the Roles tab.
The permissions that are associated with your role (or roles) are listed in the Enabled permissions column.
Predefined roles
A role defines the permissions that a user or group has.
You can edit the default roles or create new roles if the default set of permissions in a role does not align with your business needs. For more information, see Managing roles.
Definitions for each permission are provided in Permissions.
| Role | Permissions | Services that contribute permissions | Service that creates the role |
|---|---|---|---|
| Administrator | - Administer platform - Create service instances |
Platform UI | Platform UI |
| User | - Access assigned services | Platform UI | Platform UI |
When you install the following services, the following permissions are added to the platform. However, the permissions are not automatically added to a role. If you want to use these permissions, you must add them to a role.
| Service | Permissions not associated with a role by default |
|---|---|
| Platform UI | - Configure authentication - Configure platform - Manage and monitor platform - Manage groups - Manage users |
The default user (admin) is automatically assigned the following roles when the roles are added to the platform:
- Administrator
Permissions
The following table describes the actions that are associated with each permission.
| Category | Permission | Description | Service that contributes the permission |
|---|---|---|---|
| Administration | Administer platform | Users with this permission can: - Manage access to the console - Configure connection to an identity provider (LDAP server). The following actions are not listed in the console, but are also included in the Administer platform permission: - Add, edit, and remove roles - Add, edit, and remove groups - Add and remove users from groups - Manage the roles that are associated with a group - Customize the platform Users with this permission have elevated privileges and can grant or revoke all permissions, including permissions in the Administration category. |
Platform UI |
| Administration | Configure authentication | Users with this permission can: - Add, edit, and remove new user roles |
Platform UI |
| Administration | Manage groups | Users with this permission can: - Add, edit, and remove groups - Add and remove from groups - Manage the roles that are associated with a group |
Platform UI |
| Administration | Manage users | Users with this permission can: - Add, edit, and remove new user profiles |
Platform UI |
| Administration | Create service instances | Users with this permission can: - Create an instance of a service |
Platform UI |
| Knowledge work | Access assigned services | Users with this permission can: - Use services that are available to all users - Use services to which they have explicit access |
Platform UI |