System objects

3 minute readAutomation

A few special system objects contain access control lists related to overall CloudBees CD/RO system administration. These access control lists are available from the Administration  Server page. The system objects are:

  • Server: a CloudBees CD/RO system top-level object. Every other object in the system is contained in the server object and inherits access control information from the server object unless inheritance is broken.

  • Administration: Read permission allows access to the getStatus, getDatabaseConfiguration[s], getEmailConfig[s], and export (global) API functions.

    Modify permission allows access to the shutdown, setDatabaseConfiguration, createEmailConfig, deleteEmailConfig, modifyEmailConfig, and import (global) API functions.

    For Change Tracking, the Read , Modify , and Execute permissions allow you to revert changes to a tracked object and its tracked contents in the UI (see for more details) or access to the revert API function.

  • Artifacts: Read permission allows access to the getArtifact API functions. Modify permissions allows access to createArtifact and deleteArtifact functions.

  • Directory: Read permission allows access to the getUsers, getGroups, and getDirectoryProviders API functions.

    Modify permission allows access to the createUser, createGroup, deleteUser, deleteGroup, createDirectoryProvider, modifyDirectoryProvider, deleteDirectoryProvider, testDirectoryProvider, and moveDirectoryProvider API functions.

  • Email Configurations: Modify permission allows access to the createEmailConfig and deleteEmailConfig API functions.

  • Force Abort: Execute permission controls access to the --force flag on abortJob. By default, the ACL is created with Everyone: execute permission in addition to inheriting from the "Server". To force abort a job, the user must have execute permission on the job and execute permission on the forceAbort ACL.

  • Licensing: Read permission allows access to the getLicense[s] API functions. Modify permission allows access to the importLicenseData and deleteLicense API functions. Execute permission allows access to the getAdminLicense API function.

  • Logging: Modify permission allows access to the logMessage API function.

  • SSO Configuration: Modify permission allows access to the Kerberos configuration settings.

  • Personas: Modify permission allows access to the personas API functions.

  • Plugins: Modify permission allows access to the createPlugin, deletePlugin, installPlugin, uninstallPlugin, promotePlugin API functions, and the modifyPlugin API function requires modify permission on the target plugin. For getPlugin, Read permission is required on the target plugin.

  • Priority: Execute permission allows the user who launches a procedure (using the runProcedure API function) to raise the priority of the job.

  • Projects: Modify permission allows access to the createProject and deleteProject API functions.

  • Repositories: Read permission allows access to the getRepository API function. Modify permission allows access to the createRepository, deleteRepository, modifyRepository, and moveRepository API functions.

  • Resources: Modify permission allows access to the createReource and deleteResource API functions.

  • Report Object Types: Modify permission allows access to the createReportObjectType, deleteReportObjectType, getReportObjectType, getReportObjectTypes, and modifyReportObjectType API functions.

  • CloudBees Analytics Server Configuration: Modify permission allows access to the CloudBees Analytics server configuration settings.

  • SearchFilters: Execute permission allows access to the SearchFilters settings.

  • Session: Execute permission allows access to the login API function.

  • Tags: Execute permission allows access to the tags API function.

  • Workspaces: Modify permission allows access to the createWorkspace and deleteWorkspace API functions.

  • ZoneAndGateways:

    • Modify permission allows access to the createZone and deleteZone API functions.

    • When the resource belongs to a gateway, modify permission also allows access to the deleteResource API function when the resource belongs to a gateway.

    • To move a resource from one zone to another using modifyResource API function, you must have modify privileges on both the old and new zones and on the resource you want to move.