Security types
A security type is a product area that has permissions defined for it. There are several security types predefined. They are system, release, application, deployment, status, and initiatives and changes.
Each security types has a set of permissions that affect how users interact with the associated product area. For example, permissions for the release security type define release-related activities, such as creating and editing a release. Other than the Status security type, permissions are predefined. Additional permissions are added to the Status security type, when you create a status. To create a status, see Creating and assigning quality statuses.
Permissions are granted to roles, when you create a role. All security types and associated permissions are available when you create a role. You do not have to accept all permissions for a security type. You can remove a permission from a role. You can also revoke permissions from the predefined roles.
Any user who is assigned to a role automatically gains the permissions that are granted to the role. For information about creating roles, see Creating roles and assigning permissions. To create roles, you must have the Manage Roles and Permissions permission which is part of the system security type.
System security type permissions
The system type permissions affect security and system-wide areas, such integrations and environments. In addition to the Administrator role, which has all permissions, manager-type roles are typically given a number of permissions of this security type. For example, the default Release Manager role has several permissions of this type. Typically, the Manage Security Realms and Manage Users and Groups permissions are only granted to administrators.
| Permission | Where used | Description |
|---|---|---|
| Manage Security Realms | Manage Security | Create, edit, view, and delete authentication and authorization realms |
| Manage Users and Groups | Manage Security | Create, edit, view, and delete users and groups. |
| Manage Roles and Permissions | Manage Security | Create, edit, view, and delete roles. Grant or revoke role permissions. |
| Manage Teams and Membership | Manage Security | Create, edit, view, and delete teams. Add users and groups to teams; remove users and groups from teams. |
| Manage System Settings | Settings | View and edit the values in the System Settings tab of the Settings page. |
| View Audit Logs | Settings | View the Audit Log tab of the Settings page. |
| Manage Authentication Tokens | Settings | View and create tokens in the Authentication Tokens tab of the Settings page. |
| Manage Notifications | Settings | View and edit notification schemes and templates in the Settings page. |
| Manage Integrations | Integrations | Create, edit, view, and delete integrations. |
| Edit Lifecycles | Create, view, and edit lifecycles. | |
| Edit Statuses | Create, edit, view, and delete statuses. | |
| Edit Process Checklists | Create, edit, view, and delete checklists and checklist templates. | |
| Edit Release Environments | Environments | Create, edit, view, and delete environments. Map application to release environments. |
| Edit Environment Activities | Create, edit, view, and delete environment activities. | |
| Manage Backup Users | Manage Security | Create, edit, view, and delete backup users. |
Application security type permissions
The permissions for the application security type allow users to create applications, and add comments to applications. These permissions are granted to manager-type roles. For example, the default QA Manager role has these permissions.
| Permission | Where used | Description |
|---|---|---|
| Edit Application | Applications | Create, edit, view, and delete applications. |
| Edit Status Comments and Attachments | Add, edit, view, and delete comments and attachments to application versions. | |
| View Application Environments | Environments | View the Application Environments tab on the Environments page. |
| Edit Application Environments | Environments | Add or remove tags from application environments. |
Release security type permissions
The permissions for the release type allow users to do release-related activities, including creating releases and running deployments. The permissions that are granted for this type vary and depend on the user's role. The Observer default role, for example, allows users to view releases but not create them or run deployments.
| Permission | Where used | Description |
|---|---|---|
| View Releases | View releases assigned to your team. This permission is required for the edit, create, and delete releases permissions to work. | |
| Edit Releases | This permission provides the following activities:
|
|
| Recurring Deployments | Create, edit, view, and delete recurring deployments. | |
| Add notifications to a scheduled deployment. Create a release version. | ||
| Create Release | Create a release. | |
| Delete Release | Delete a release. | |
| Exempt Gates | Override the gate status of a deployment. Create a gate exemption. | |
| Edit Task Tags | Create, edit, and delete task tags. | |
| Edit Enterprise Events | Create, edit, view, and delete teams events. | |
| Edit Enterprise Event Types | Create, edit, view, and delete teams event types. | |
| Reserve Environments | Reserve an environment. | |
| Assign Participating Applications | Add applications to the release. | |
| Edit Enterprise Deployment Events | Create, edit, and delete events on related deployments. |
Deployment security type permissions
The Deployment security type permissions allow managing of deployment plans, segments, and tasks. Users with these permissions can create, modify, remove, and view deployment plans, and run deployments
| Permission | Where used | Description |
|---|---|---|
| Edit Deployment Plans | View, create, delete, and edit deployment plans, plan segments, and tasks. | |
| Execute Deployment Tasks | Start, skip, fail, or restart a task in a scheduled deployment that is already in progress. | |
| Lock Deployments | Lock and unlock deployment plans. | |
| Edit segments | Deployments | Create, edit, and delete scheduled deployment segments. |
| Override Automated Task States | Change the status of automated tasks. | |
| Override Manual Task States | Change the status of manual tasks. | |
| Start Deployments | Start, abort, and reopen scheduled deployments. | |
| Schedule Deployments | Create, edit, and delete scheduled deployments. | |
| Select Versions to Deploy | Schedule a specific application version deployment. |
Initiatives and changes
| Permission | Where used | Description |
|---|---|---|
| Edit initiatives | Modify initiatives. | |
| Edit changes | Modify changes. |
Status security type permissions
The permissions for the status type permit users to apply and edit the quality statuses. For example, if a lifecycle gate requires a specific status, only users with permission to use the status can apply it during a deployment.
Each status has its own permission; users might be able to add some statuses but not others. Initially, there are three quality statuses. As you create more statuses, they are listed among the other statuses in the Status area of the Manage Roles page.
| Permission | Where used | Description |
|---|---|---|
| Manual QA Pass | Add a pass the manual quality assurance gate. | |
| QA Manager Review Pass | Add a pass the manager review gate. | |
| Unit Tests Pass | Add a pass unit tests gate. |