RBAC permissions in CloudBees Unify are organized into categories that define user and team access across applications, environments, and organizational resources. Use this reference when configuring security settings, troubleshooting permission issues, or creating custom roles.
Permission categories and privilege levels
RBAC permissions are organized into categories that reflect different functional areas of the platform. Each permission operates at one of five privilege levels that define the type of access granted.
Privilege levels
Each permission within the categories uses one of five privilege levels:
- Read: Grants a user the ability to read an entity.
- Create: Grants a user the ability to create an entity.
- Update: Grants a user the ability to update an entity.
- Delete: Grants a user the ability to delete an entity.
- Execute: Grants a user the ability to execute an action.
In feature management the Execute permission is selectable but not currently evaluated; it has no effect. This does not affect Execute in other parts of the product.
Permission specifications
The following table details each permission, organized by category.
| Category | Permission | Description |
|---|---|---|
| Tenants | Teams | Team management and permissions. |
| Tenants | User invite | Invite new users to CloudBees Unify. |
| Tenants | Users | User management and permissions. |
| Components | Artifact | Workflow and ASPM artifact management. |
| Components | Log | Workflow log management. |
| Components | Resource | Inheritance resource management. |
| Components | Workflow automation | Workflow automation management. |
| Components | Workflow event | Management of external workflow events reported by actions. |
| Configurations | Endpoint | Endpoint and integration management. |
| Configurations | Environment | Environment management. |
| Configurations | Extension | Actions catalog management. |
| Configurations | Property | Workflow property management. |
| Analytics | CI insights | CI insights for Jenkins® management. |
| Analytics | VSM | Value stream management and reporting. |
| Feature management | Flag | Feature flags management. |
| Feature management | Approval | Manage creation and approval of feature flag change requests. |
| Feature management | Custom property | Manage user-defined attributes for feature flag logic. |
| Feature management | Target group | Manage groups of users for flag evaluation. |
| Continuous Security | Review risk accepted request | Review a transition request for a risk accepted finding. |
| Continuous Security | Review false positive request | Review a transition request for a false positive finding. |
| Continuous Security | SLA Configuration | Define the service-level agreement (SLA) for an organization. |
| Continuous Security | Triage findings | Triage security findings. |
| Continuous Security | View findings by triage status | View findings by their triage status. |
| Other | API tokens | API token management. |
| Other | Account | Account management. |
| Other | Audit log | Audit log management. |
| Other | Authorization | User authorization. |
| Other | Entitlement | Entitlement management for features. |
| Other | Manual approvals | Manual approval management. |
| Other | Role | Role management, including custom roles. |
| Other | Secret and credential | Secrets and credentials management. |
| Other | Security | Security management. |
Predefined roles
The predefined roles provide common access patterns:
- Admin: Has full administrative control over all functionality on the selected application or environment.
- Approver: Able to execute manual approval of a workflow in response to an approval request.
- User: Has read-only access to all functionality on the selected resource and its sub-resources.