Configure role-based access control

2 minute read

View, grant, and manage role-based access control (RBAC) permissions to control user and team access across applications, environments, and organizational resources.

You must have the Admin role to manage RBAC, including roles and permissions.

To configure RBAC, navigate to Admin settings > Tenant settings. Use Access control to view and grant roles, Roles to manage custom roles. Use search and filter controls as needed to locate specific assignments or roles.

Grant roles to users and teams

Assign one or more roles to a user or team for a specific resource such as an application or environment. You can grant both predefined and custom roles to any user or team. Role assignments define what users or teams are allowed to do in a specific context.

For example, User‑A has the Admin role for Application A. In Application B, User‑A has the Approver role for Environments Dev and Staging, and a custom role for feature management in Production.

To grant one or more roles:

  1. Select Grant role.

  2. Select a Principal (a specific user or team) from the options.

  3. Select a Resource type from the options.

  4. Select a Resource from the available options within your organizational structure.

  5. Select a Role from the options.

  6. (Optional) Select Add another role to grant the same Principal another role. You may add unlimited roles.

  7. Select Save.

A role or roles for the defined resources are granted to the specified user or team.

Manage custom roles

Create custom roles for specific users or teams to provide them with the least privileges necessary to perform their work. Delete any custom roles as necessary.

Create a custom role

A role in CloudBees Unify grants a set of permissions to a specific user or team.

CloudBees recommends that you follow the principle of least privilege, and provide only the minimum level of access needed for a user to perform their job function.

To create a custom role:

  1. Select Create Role

  2. Select Pencil next to Custom Role, and then enter a name for the role.

  3. (Optional) Select Pencil next to Description to enter a description, such as a summary of permissions granted.

  4. (Optional) Select a category on the left pane to scroll to that category.

  5. Select permissions to be granted to your custom role by choosing one or more privilege levels next to the permission you want to grant.

  6. Select Save.

The custom role is created with the selected permissions and is displayed in Roles.

Update or delete custom roles

Use the ellipsis menu next to any custom role to edit or delete it.

Predefined roles cannot be edited or deleted.
Deleting a custom role is irreversible and completely removes it from the platform.