RBAC permissions reference

RBAC permissions in CloudBees Unify are organized into categories that define user and team access across applications, environments, and organizational resources. Use this reference when configuring security settings, troubleshooting permission issues, or creating custom roles.

Permission categories and privilege levels

RBAC permissions are organized into categories that reflect different functional areas of the platform. Each permission operates at one of five privilege levels that define the type of access granted.

Privilege levels

Each permission within the categories uses one of five privilege levels:

  • Read: Grants a user the ability to read an entity.

  • Create: Grants a user the ability to create an entity.

  • Update: Grants a user the ability to update an entity.

  • Delete: Grants a user the ability to delete an entity.

  • Execute: Grants a user the ability to execute an action.

In feature management the Execute permission is selectable but not currently evaluated; it has no effect. This does not affect Execute in other parts of the product.

Permission specifications

The following table details each permission, organized by category.

Table 1. Permission descriptions
| Category | Permission | Description |
|---|---|---|
| Tenants | Teams | Team management and permissions. |
| Tenants | User invite | Invite new users to CloudBees Unify. |
| Tenants | Users | User management and permissions. |
| Components | Artifact | Workflow and ASPM artifact management. |
| Components | Log | Workflow log management. |
| Components | Resource | Inheritance resource management. |
| Components | Workflow automation | Workflow automation management. |
| Components | Workflow event | Management of external workflow events reported by actions. |
| Configurations | Endpoint | Endpoint and integration management. |
| Configurations | Environment | Environment management. |
| Configurations | Extension | Actions catalog management. |
| Configurations | Property | Workflow property management. |
| Analytics | CI insights | CI insights for Jenkins® management. |
| Analytics | VSM | Value stream management and reporting. |
| Feature management | Flag | Feature flags management. |
| Feature management | Approval | Manage creation and approval of feature flag change requests. |
| Feature management | Custom property | Manage user-defined attributes for feature flag logic. |
| Feature management | Target group | Manage groups of users for flag evaluation. |
| Continuous Security | Review risk accepted request | Review a transition request for a risk accepted finding. |
| Continuous Security | Review false positive request | Review a transition request for a false positive finding. |
| Continuous Security | SLA Configuration | Define the service-level agreement (SLA) for an organization. |
| Continuous Security | Triage findings | Triage security findings. |
| Continuous Security | View findings by triage status | View findings by their triage status. |
| Other | API tokens | API token management. |
| Other | Account | Account management. |
| Other | Audit log | Audit log management. |
| Other | Authorization | User authorization. |
| Other | Entitlement | Entitlement management for features. |
| Other | Manual approvals | Manual approval management. |
| Other | Role | Role management, including custom roles. |
| Other | Secret and credential | Secrets and credentials management. |
| Other | Security | Security management. |

Predefined roles

The predefined roles provide common access patterns:

  • Admin: Has full administrative control over all functionality on the selected application or environment.

  • Approver: Able to execute manual approval of a workflow in response to an approval request.

  • User: Has read-only access to all functionality on the selected resource and its sub-resources.