Access control scenarios for pipelines, releases, and procedures

This section provides access control scenarios for pipelines, releases, and procedures that demonstrate the behavior based on various authentication contexts.

In the examples, there are two projects: projectA and projectB. These projects contain:

Table 1. **projectA** and **projectB**
projectA	projectB
procedureA	procedureB
pipelineA	pipelineB
releaseA	releaseB
applicationA	applicationB
environmentA	environmentB

The following non-admin users are defined:

Table 2. Groups and users
Groups	Users
groupA	userA userB
Everyone group	userA userB userC

Of note:

The access control list (ACL) permissions specified for the principals in the scenarios below can either be directly defined or inherited.
The ACL permissions mentioned could be presented for all principals in the context or could be one of the principals with either an Allow or Deny category. For example, a user can have an Allow permission via inheritance but the Everyone group, or a project of pipelineA, may not have any explicit ACLs defined.
When a user has an ACL defined, either explicitly or via inheritance, it always takes precedence over other principals, such as Group or Project.

Ensure you are familiar with the access control system before making changes. Incorrectly setting ACLs can severely impact CloudBees CD/RO behavior.
For schedule-invoked pipelines or releases that include command tasks, access control is defined by the plugin project EC-Core-<version>. In order to deny the invocation, the EC-Core-<version> project also needs to be given a Deny permission on the pipeline or release being invoked.
Access control behavior in the tables below is applicable for CloudBees CD/RO v10.3.1 and later. Before migrating from an earlier release, review access control settings at your site for pipelines, releases, and procedures. Make appropriate changes in access control based on the v10.3.1 and later behavior.

Pipeline examples

The pipeline examples below assume that projectA with pipelineA calls a procedure, procedureB.

Similar behavior exists when pipelineA calls:

A pipeline task, named pipelineB, from projectB.
An application process task, named applicationB-processB-environmentB, from projectB.

Pipeline example: All objects have allow permissions on projectB

Table 3. All objects have **Allow** permissions on **projectB**
Objects	Execute permissions on projectB	Run as	Result
projectA	allow	Run pipelineA from projectA using projectA (schedule)	procedureB is launched successfully by projectA
userA	allow	Run pipelineA from projectA as userA	procedureB is launched successfully by userA
groupA	allow	Run pipelineA from projectA as userB	procedureB is launched successfully by userB
Everyone group	allow	Run pipelineA from projectA as userC	procedureB is launched successfully by userC

Pipeline example: projectA has the deny permission on projectB

Table 4. **projectA** has the **Deny** permission on **projectB**
Objects	Execute permissions on projectB	Run as	Result
projectA	deny	Run pipelineA from projectA using projectA (schedule)	procedureB cannot be launched by projectA
userA	allow	Run pipelineA from projectA as userA	procedureB is launched successfully by userA
groupA	allow	Run pipelineA from projectA as userB	procedureB is launched successfully by userB
Everyone group	allow	Run pipelineA from projectA as userC	procedureB is launched successfully by userC

Pipeline example: userA has the deny permission on projectB

Table 5. **userA** has the **Deny** permission on **projectB**
Objects	Execute permissions on projectB	Run as	Result
projectA	allow	Run pipelineA from projectA using projectA (schedule)	procedureB is launched successfully by projectA
userA	deny	Run pipelineA from projectA as userA	procedureB cannot be launched by userA
groupA	allow	Run pipelineA from projectA as userB	procedureB is launched successfully by userB
Everyone group	allow	Run pipelineA from projectA as userC	procedureB is launched successfully by userC

Pipeline example: groupA has the deny permission on projectB

Table 6. **groupA** has **Deny** permission on **projectB**
Objects	Execute permissions on projectB	Run as	Result
projectA	allow	Run pipelineA from projectA using projectA (schedule)	procedureB is launched successfully by projectA
userA	allow	Run pipelineA from projectA as userA	procedureB cannot be launched by userA
groupA	deny	Run pipelineA from projectA as userB	procedureB cannot be launched by userB
Everyone group	allow	Run pipelineA from projectA as userC	procedureB is launched successfully by userC

Pipeline example: The Everyone group has the deny permission on projectB

Table 7. The **Everyone** group has the **Deny** permission on **projectB**
Objects	Execute permissions on projectB	Run as	Result
projectA	allow	Run pipelineA from projectA using projectA (schedule)	procedureB cannot be launched by projectA
userA	allow	Run pipelineA from projectA as userA	procedureB cannot be launched by userA
groupA	allow	Run pipelineA from projectA as userB	procedureB cannot be launched by userB
Everyone group	deny	Run pipelineA from projectA as userC	procedureB cannot be launched by userC

Release examples

The release examples below assume that projectA with releaseA calls a procedure task, procedureB.

Similar behavior exists when releaseA calls:

A pipeline task, pipelineB, from projectB.
An application process task, applicationB-processB-environmentB, from projectB.
A release task, releaseB, from projectB.

Release example: All objects have allow permissions on projectB

Table 8. All objects have **Allow** permissions on **projectB**
Objects	Permissions on projectB	Run as	Result
projectA	allow	Run releaseA from projectA using projectA (schedule)	procedureB is launched successfully by projectA
userA	allow	Run releaseA from projectA as userA	procedureB is launched successfully by userA
groupA	allow	Run releaseA from projectA as userB	procedureB is launched successfully by userB
Everyone group	allow	Run releaseA from projectA as userC	procedureB is launched successfully by userC

Release example: projectA has the deny permission on projectB

Table 9. **projectA** has the **Deny** permission on **projectB**
Objects	Permissions on projectB	Run as	Result
projectA	deny	Run releaseA from projectA using projectA (schedule)	procedureB cannot be launched by projectA
userA	allow	Run releaseA from projectA as userA	procedureB is launched successfully by userA
groupA	allow	Run releaseA from projectA as userB	procedureB is launched successfully by userB
Everyone group	allow	Run releaseA from projectA as userC	procedureB is launched successfully by userC

Release example: userA has the deny permission on projectB

Table 10. **userA** has the **Deny** permission on **projectB**
Objects	Permissions on projectB	Run as	Result
projectA	allow	Run releaseA from projectA using projectA (schedule)	procedureB is launched successfully by projectA
userA	deny	Run releaseA from projectA as userA	procedureB cannot be launched by userA
groupA	allow	Run releaseA from projectA as userB	procedureB is launched successfully by userB
Everyone group	allow	Run releaseA from projectA as userC	procedureB is launched successfully by userC

Release example: groupA has the deny permission on projectB

Table 11. **groupA** has the **Deny** permission on **projectB**
Objects	Permissions on projectB	Run as	Result
projectA	allow	Run releaseA from projectA using projectA (schedule)	procedureB is launched successfully by projectA
userA	allow	Run releaseA from projectA as userA	procedureB cannot be launched by userA
groupA	deny	Run releaseA from projectA as userB	procedureB cannot be launched by userB
Everyone group	allow	Run releaseA from projectA as userC	procedureB is launched successfully by userC

Release example: The Everyone group has the deny permission on projectB

Table 12. The **Everyone** group has the **Deny** permission on **projectB**
Objects	Permissions on projectB	Run as	Result
projectA	allow	Run releaseA from projectA using projectA (schedule)	procedureB cannot be launched by projectA
userA	allow	Run releaseA from projectA as userA	procedureB cannot be launched by userA
groupA	allow	Run releaseA from projectA as userB	procedureB cannot be launched by userB
Everyone group	deny	Run releaseA from projectA as userC	procedureB cannot be launched by userC

Procedure examples

The procedure examples below assume that projectA with procedureA calls a procedure step, procedureB.

Similar behavior exists when procedureA calls:

A pipeline task,pipelineB, from projectB.
A release task, releaseB, from projectB.
An application process task, applicationB-processB-environmentB, from projectB.

Procedure example: All objects have allow permissions on projectB

Table 13. All objects have **Allow** permissions on **projectB**.
Objects	Permissions on projectB	Run as	Result
projectA	allow	Run procedureA from projectA using projectA (schedule	procedureB is launched successfully by projectA]
userA	allow	Run procedureA from projectA as userA	procedureB is launched successfully by userA
groupA	allow	Run procedureA from projectA as userB	procedureB is launched successfully by userB
Everyone group	allow	Run procedureA from projectA as userC	procedureB is launched successfully by userC

Procedure example: projectA has the deny permission on projectB

Table 14. **projectA** has the **Deny** permission on **projectB**
Objects	Permissions on projectB	Run as	Result
projectA	deny	Run procedureA from projectA using projectA (schedule)	procedureB cannot be launched by projectA
userA	allow	Run procedureA from projectA as userA	procedureB is launched successfully by userA
groupA	allow	Run procedureA from projectA as userB	procedureB is launched successfully by userB
Everyone group	allow	Run procedureA from projectA as userC	procedureB is launched successfully by userC

Procedure example: userA has the deny permission on projectB

Table 15. **userA** has the **Deny** permission on **projectB**
Objects	Permissions on projectB	Run as	Result
projectA	allow	Run procedureA from projectA using projectA (schedule)	procedureB is launched successfully by projectA
userA	deny	Run procedureA from projectA as userA	procedureB cannot be launched by userA
groupA	allow	Run procedureA from projectA as userB	procedureB is launched successfully by userB
Everyone group	allow	Run procedureA from projectA as userC	procedureB is launched successfully by userC

Procedure example: groupA has the deny permission on projectB

Table 16. **groupA** has the **Deny** permission on **projectB**
Objects	Permissions on projectB	Run as	Result
projectA	allow	Run procedureA from projectA using projectA (schedule)	procedureB is launched successfully by projectA
userA	allow	Run procedureA from projectA as userA	procedureB cannot be launched by userA
groupA	deny	Run procedureA from projectA as userB	procedureB cannot be launched by userB
Everyone group	allow	Run procedureA from projectA as userC	procedureB is launched successfully by userC

Procedure example: The Everyone group has the deny permission on projectB

Table 17. The **Everyone** group has the **Deny** permission on **projectB**
Objects	Permissions on projectB	Run as	Result
projectA	allow	Run procedureA from projectA using projectA (schedule)	procedureB cannot be launched by projectA
userA	allow	Run procedureA from projectA as userA	procedureB cannot be launched by userA
groupA	allow	Run procedureA from projectA as userB	procedureB cannot be launched by userB
Everyone group	deny	Run procedureA from projectA as userC	procedureB cannot be launched by userC