Role-based access control

The account management features described in this topic apply to all CloudBees support and training environments. For more information about managing accounts in other CloudBees products, refer to the documentation for those products.

Roles establish permission levels for user profiles. This type of rights assignment is called role-based access control (RBAC) because permissions are assigned according to the activities a role needs to perform. A role that can create profiles, such as an administrator, needs more rights than a user role, which only views data.

Refer to Managing organization users for instructions on changing a user’s role.

Defined roles

CloudBees support and training environments have basic role-based access controls (RBAC) that allow for these roles within an organization:

  • User roles can view and leave the organizations associated with their user profiles. They cannot create or modify organizations.

  • Administrator roles (admins) can do everything user roles can. In addition, admins can create and modify organization profiles, create user profiles, and install apps for third-party data integrations.

User profiles are independent of organization profiles. Users may belong to one or more organizations or may not belong to any organization.

With their elevated privileges, admins tend to be responsible for the configuration and maintenance of applications and environments.

Admin roles

Admins, or administrators, are users who have an admin role assigned to their user profiles. Admins are responsible for configuration and maintenance, which includes:

  • Connecting and configuring apps that integrate third-party services.

  • Creating products and linking data to those products.

  • Defining work categories.

  • Adding, removing, and modifying user profiles.

  • Adding, removing, and modifying organizations.

  • Assigning roles to organization members.

User roles

Users are primarily viewers: they can view any of the data but are restricted from creating, modifying, or removing items. A user, for example, can view data on the Investment area screen but cannot link additional projects or create work categories. A user can change the time interval and filters to modify the view.

Users are able to view their user and organization profiles and can view members of an organization. A user cannot change their assigned role.