A few special system objects contain access control lists related to overall CloudBees CD/RO system administration. These access control lists are available from the
page. The system objects are:-
Server: a CloudBees CD/RO system top-level object. Every other object in the system is contained in the server object and inherits access control information from the server object unless inheritance is broken.
-
Administration: Read permission allows access to the
getStatus
,getDatabaseConfiguration[s]
,getEmailConfig[s]
, andexport
(global) API functions.Modify permission allows access to the
shutdown
,setDatabaseConfiguration
,createEmailConfig
,deleteEmailConfig
,modifyEmailConfig
, andimport
(global) API functions.For Change Tracking, the Read , Modify , and Execute permissions allow you to revert changes to a tracked object and its tracked contents in the UI (see for more details) or access to the
revert
API function. -
Artifacts: Read permission allows access to the
getArtifact
API functions. Modify permissions allows access tocreateArtifact
anddeleteArtifact
functions. -
Directory: Read permission allows access to the
getUsers
,getGroups
, andgetDirectoryProviders
API functions.Modify permission allows access to the
createUser
,createGroup
,deleteUser
,deleteGroup
,createDirectoryProvider
,modifyDirectoryProvider
,deleteDirectoryProvider
,testDirectoryProvider
, andmoveDirectoryProvider
API functions. -
Email Configurations: Modify permission allows access to the
createEmailConfig
anddeleteEmailConfig
API functions. -
Force Abort: Execute permission controls access to the
--force
flag onabortJob
. By default, the ACL is created with Everyone: execute permission in addition to inheriting from the "Server". To force abort a job, the user must have execute permission on the job and execute permission on theforceAbort
ACL. -
Licensing: Read permission allows access to the
getLicense[s]
API functions. Modify permission allows access to theimportLicenseData
anddeleteLicense
API functions. Execute permission allows access to thegetAdminLicense
API function. -
Logging: Modify permission allows access to the
logMessage
API function. -
SSO Configuration: Modify permission allows access to the Kerberos configuration settings.
-
Personas: Modify permission allows access to the
personas
API functions. -
Plugins: Modify permission allows access to the
createPlugin
,deletePlugin
,installPlugin
,uninstallPlugin
,promotePlugin
API functions, and themodifyPlugin
API function requires modify permission on the target plugin. ForgetPlugin
, Read permission is required on the target plugin. -
Priority: Execute permission allows the user who launches a procedure (using the
runProcedure
API function) to raise the priority of the job. -
Projects: Modify permission allows access to the
createProject
anddeleteProject
API functions. -
Repositories: Read permission allows access to the
getRepository
API function. Modify permission allows access to thecreateRepository
,deleteRepository
,modifyRepository
, andmoveRepository
API functions. -
Resources: Modify permission allows access to the
createReource
anddeleteResource
API functions. -
Report Object Types: Modify permission allows access to the
createReportObjectType
,deleteReportObjectType
,getReportObjectType
,getReportObjectTypes
, andmodifyReportObjectType
API functions. -
CloudBees Analytics Server Configuration: Modify permission allows access to the CloudBees Analytics server configuration settings.
-
SearchFilters: Execute permission allows access to the SearchFilters settings.
-
Session: Execute permission allows access to the
login
API function. -
Tags: Execute permission allows access to the
tags
API function. -
Workspaces: Modify permission allows access to the
createWorkspace
anddeleteWorkspace
API functions. -
ZoneAndGateways:
-
Modify permission allows access to the
createZone
anddeleteZone
API functions. -
When the resource belongs to a gateway, modify permission also allows access to the
deleteResource
API function when the resource belongs to a gateway. -
To move a resource from one zone to another using
modifyResource
API function, you must have modify privileges on both the old and new zones and on the resource you want to move.
-