Onboard
Introduction
Users
Teams
Introduction
IntroductionPromote an image in Amazon ECRRetrieve an object from Amazon S3Store an object on Amazon S3Copy Docker images with CraneDownload a file from JFrog ArtifactoryMove or copy an image from JFrog ArtifactoryUpload a file to JFrog ArtifactoryRegister a build artifactRegister a deployed environment artifact
IntroductionCreate or update a functionInvoke a function
IntroductionRun an AWS CodePipelineRun a Bamboo projectRun a Bitbucket pipelineRun a CloudBees CI jobRun a CircleCI workflowRun a GitHub Actions workflowRun a GitLab pipelineRun a Harness pipelineRun a Jenkins® jobRun a JFrog pipelineBuild and publish Docker images with KanikoRun a TeamCity project
Check out a Git repository
IntroductionAWS credentialsECR credentialsEKS credentialsGit global credentialsOCI credentials
IntroductionRun Ansible PlaybookDeploy with Argo WorkflowsDeploy with AWS CodeDeployDeploy a binary with Amazon EC2Deploy to ECSRender an Amazon ECS task definitionDeploy with AWS Elastic BeanstalkDeploy with HerokuDeploy with OctopusDeploy with OpenShiftDeploy with SpinnakerDeploy with Tosca
Publish evidence items
IntroductionHelm chart installHelm chart packageHelm chart publishHelm chart uninstall
IntroductionCreate a Kubernetes namespaceCreate/update a Kubernetes resourceDeploy to a Kubernetes cluster
IntroductionVerify with NewRelic
Execute remote commands via SSH
IntroductionAnchoreAquasecJFrog XraySnyk ContainerSonatype (Nexus) ContainerTrivy
IntroductionStackhawkZAP
IntroductionCheckmarxCoverity on PolarisFind Security BugsGitHub Security ScannerGosecGrypeMendNexus IQnjsscanSnykSonarQube bundledSonarQube
IntroductionBlack DuckMendSnyk
IntroductionGitleaksTruffleHog ContainerTruffleHog CodeTruffleHog S3
IntroductionCreate a change requestUpdate or close a change requestGet a change request current stateQuery a change request approval
Publish test results
Multi-workflows dispatch
Introduction
Manage workflows
Introductioncloudbees and other context objectsenvnameonjobs.<job_id>.delegates.<job_id>.env.<job_id>.environment.<job_id>.if.<job_id>.needs.<job_id>.outputs.<job_id>.permissionsjobs.<job_id>.uses.<job_id>.services.<job_id>.services.<service_id>.services.<service_id>.args.services.<service_id>.env.services.<service_id>.imagejobs.<job_id>.steps.<job_id>.steps[*].id.<job_id>.steps[*].env.<job_id>.steps[*].if.<job_id>.steps[*].name.<job_id>.steps[*].run.<job_id>.steps[*].shell.<job_id>.steps[*].uses.<job_id>.steps[*].with.<job_id>.steps[*].with.args.<job_id>.steps[*].with.entrypoint.<job_id>.steps[*].timeout-minutesjobs.<job_id>.timeout-minutes
An example workflow
Reusable workflows
Personal access tokens
Trigger a workflow using an API
IntroductionManual approval
CI insights for Jenkins
Introduction
Learn about feature management
Create flags in code
Create/manage flags in the UI
Namespaces and labels
Configure feature flags
Feature management custom roles
Audit history
Configuration as code
Flag impressions and activity status
Code references
Properties, custom properties, and target groups
Enabling secret mode
IntroductionAndroid / Android TV / Fire TVC/C++ (client-side)C/C++ (server-side)GoJavaJavaScript (browser) / Chromecast / TizenJavaScript SSR.NET/C#Node.jsiOS / tvOSPHPPythonReact NativeRuby
IntroductionClient-side AndroidClient-side C ClientClient-side C++ ClientClient-side JavaClient-side JavaScript (browser)Client-side .NET/C# clientClient-side Objective-CClient-side React NativeClient-side SwiftServer-side CServer-side C++Server-side GoServer-side JavaServer-side .NET/C#Server-side NodeJSServer-side PythonServer-side PHPServer-side RubyBoth client-side and server-side JavaScript SSR
IntroductionAngular appDjango appGin app.NET Core appReact appSpring Boot app

Custom roles for feature management

3 minute read

Managing access to feature flags, target groups, and custom properties is essential for safely releasing features and maintaining control over application behavior. This page explains how to use CloudBees platform’s role-based access control (RBAC) system to configure custom roles specifically for feature management. Use this content to create custom roles that define precise permissions for individuals or teams responsible for creating, managing, or deploying feature flags.

By assigning roles with appropriate permission categories, privilege levels, and resource scopes, you can ensure that users have the right level of access, helping to reduce misconfigurations, support safe experimentation, and enforce governance policies.

For a general overview of how role-based access control (RBAC) works across the platform, including concepts such as predefined roles, permission categories, and privilege levels, refer to the Role-based access control documentation.

Custom role creation

Within feature management, you can assign custom roles that define what users or teams are allowed to do. These roles may apply at either the organization level or application level, depending on how access should be scoped.

This section provides example configurations for custom roles within feature management. While the examples may not match the exact scenario you’re setting up, they provide a foundation you can build on to create your own specific custom role. Each example outlines the minimum permissions required for common use cases or access levels.

Feature management admin role

As an org admin, you may need to assign full permissions for feature flags, target groups, and properties to trusted users. This custom role grants full control across all feature management categories.

  1. Navigate to Tenant settings  Roles.

  2. Select Create role.

  3. Name the role (for example, FM Admin).

    1. Select Pencil next to Custom role, and then enter a name for the role.

    2. Select Pencil next to Description to enter a description, such as a summary of permissions granted.

  4. Select the category: Feature management.

  5. Assign the following permissions:

    • For the Flag permission, select all checkboxes: Read, Create, Update, Delete, and Execute.

    • For the Target group permission, select all checkboxes: Read, Create, Update, Delete, and Execute.

    • For the Custom property, select all checkboxes: Read, Create, Update, Delete, and Execute.

      Feature management admin
      Figure 1. Custom role: Feature management administrator

  6. Select Save.

  7. To Grant the role select Tenant settings  Access control.

Feature management target group admin role

You may want to assign this role to a team responsible for managing audience targeting and rollout strategies.

  1. Follow the same process as provided above, except for the permissions.

  2. Assign the following permissions:

    • For the Custom property, select Read.

    • For the Flag permission, select Read.

    • For the Target group permission, select all checkboxes: Read, Create, Update, Delete, and Execute.

      Feature management target group admin
      Figure 2. Custom role: Feature management target group admin

  3. Select Save.

  4. Assign the role using Tenant settings  Access control.

Feature management flag owner role

You may want to assign a flag owner role to users who are responsible for creating, managing, and deploying feature flags, but who don’t need full access to target groups or custom properties.

  1. Follow the same process as provided above, except for the permissions.

  2. Assign the following permissions:

    • For the Custom property, select Read.

    • For the Flag permission, select all checkboxes: Read, Create, Update, Delete, and Execute.

    • For the Target group permission, select: Read.

      Feature management flag owner
      Figure 3. Custom role: Feature management flag owner

  3. Select Save.

  4. Assign the role using Tenant settings  Access control.

Feature management read-only role

You may want to allow users to review flag configuration or rollout status without making updates. This role is useful for product managers, analysts, or audit/compliance teams.

  1. Follow the same process as provided above, except for the permissions.

  2. Assign the following permissions:

    • For the Flag permission, select Read.

    • For the Target group permission, select Read.

    • For the Custom property, select Read.

      Feature management read-only
      Figure 4. Custom role: Feature management read-only

  3. Select Save.

  4. Assign the role using Tenant settings  Access control.

    The feature management read-only role must include Read privileges for flags, target groups, and custom properties. Without complete read access across these categories, the user may experience limited access to flag configurations, evaluation behavior, and visibility in the UI.

Related documentation

Configure feature flags
Audit history