Roles and permissions
A number of roles are defined in the product that can be assigned to an user or group. Roles set boundaries on activities that an user or group member can perform.
Roles are assigned to users and groups within the team context. Users or groups are assigned to a team with a specific role. The role assigned to a user is only for the team that the user is a member. A user can be a member of multiple teams and have a different role on each.
The interlocking concept of teams, roles, and permissions ensures that users have the appropriate permissions to perform their work and not affect processes outside of their assigned scope. The interaction of these three concepts provides the mechanisms to create an infrastructure that is secure and flexible.
Note: Until new users are assigned to teams, they are automatically assigned to the Default team in the Viewer and Participant roles. Users in these roles can view objects, such as releases and value streams, but they cannot create or edit them. Additionally, users in these roles can generate user access tokens and access API endpoints with GET requests. Administrators grant users elevated permissions when they assign them to roles such as Lead Developer or Release Manager.
The following tables show the available roles.
Viewer permission |
Description |
Viewer |
View UI objects such as deployment plans and value streams. Create user access token. |
Participant permission |
Description |
Viewer |
View pipelines |
Tasks |
Create, edit, execute, remove |
Developer permission |
Description |
Manage templates |
Create templates, edit templates, and delete templates |
Pipelines |
Schedule |
Tasks |
Create, edit, execute, remove |
Stories |
Create, edit, remove |
Lead developer permission |
Description |
Pipelines |
Create pipelines |
Applications |
Add, edit, and delete pipeline applications |
Environments |
Create, edit, and remove pipelines environments |
Deployment templates |
Create, edit, and remove |
Deployment plans |
Create, modify, delete, and schedule deployment plans |
Tasks |
Create, modify, execute, and delete tasks |
Environments |
Create, modify, and delete target environments |
Releases |
Create, modify, delete, and archive releases. |
Stories |
Create, modify, delete, and archive stories. |
Team members |
Create, modify, delete, and archive members. |
Security |
Assign roles |
Teams |
Create, modify, delete, and archive members. |
Groups |
Create, and modify teams. |
Release participant permissions |
Description |
Tasks |
Create, modify, execute, and run tasks. |
Stories |
Create, modify, and remove stories. |
Release manager permissions |
Description |
Deployment plans |
Create, edit, and remove plans with templates. |
Pipelines |
Schedule deployments. |
Tasks |
Create, execute, edit, and remove tasks from deployment plans. |
Releases |
Create, modify, delete, and archive releases. |
Stories |
Create, modify, and delete user stories. |
Calendar |
Modify calendar settings. Schedule releases, and run releases and calendar events using pre-defined templates. |
Lead release manager permissions |
Description |
Deployment plans |
Create, edit, and remove plans with or without templates. Approve protected environments. |
Deployment plan templates |
Create, edit, and remove plan templates. |
Pipelines |
Schedule deployments. |
Tasks |
Create, execute, edit, and remove tasks from deployment plans. Change task target environment. |
Releases |
Create, modify, delete, and archive releases. |
Teams |
Create, remove, and edit teams. |
Users |
Create, and modify users, and remove users from teams. Assign users to roles. |
Groups |
Create, modify, and remove groups. |
Stories |
Create, modify, and remove user stories. |
Calendar |
Modify calendar settings. |
Team administrator permissions |
Description |
Users |
Create, and modify users, and remove users from teams. Assign users to roles. |
Teams |
Create, remove, and edit teams. |
Groups |
Create, modify, and remove groups. |
Product administrator permissions |
Description |
Users |
Create, and modify users, and remove users from teams. Assign users to roles. |
Teams |
Create, remove, and edit teams. |
Groups |
Create, modify, and remove groups. |
Security |
Modify security settings, manage integrations, manage LDAP and SSO configurations, and define email servers. |
Parent topic: Security