Managing user permissions#
Permissions define the scope of user actions. Administrators assign users to roles when they are added to teams. Users inherit the permissions to the role. Users can have different permissions for different teams.
Until new users are assigned to teams by administrators, they are automatically assigned to the Default team in the Viewer and Participant roles. Users in these roles can view objects, such as releases and value streams, but they cannot create or edit them. Additionally, users in these roles can generate user access tokens and access API endpoints with GET requests. Administrators grant users elevated permissions when they assign them to roles such as Lead Developer or Release Manager.
An administrator assigns a user to a role when they add the user to a team. The administrator can be either the system administrator or team administrator. The user inherits the permissions granted to the assigned role. A user can be in multiple roles on a team. It's typical for each team to have one user assigned to the team administrator role in addition to any other roles that they might be in.
If a user is in a group, the group can be added to a team. All team members inherit the permissions grant to the role assigned to the group.
Note: To use UrbanCode Deploy applications with protected environments, a user must have the Admin permission.
Parent topic: Security