A FlexDeploy Group represents a set of global permissions defining the authority its users have. All users having membership to the group inherit its permissions. The FlexDeploy installation creates an administration group (FD Administrators), which is assigned to initial administrator user name created during registration. This group is granted full administrative privileges and is the only group which has access to create/edit groups and users.

Before creating any groups, it is recommended to spend the time to determine the granularity of roles required by your company so you will have the appropriate security in place when you begin onboarding users.

Searching Groups

Select Security -> Groups from the menu.

...

By default, all groups are displayed in the search results. To refine the search results, click the filter icon on a column. You can click column names to sort. The usual saved query support is available as well.

Viewing Group Memberships

Select Security -> Groups from the menu.

To view the users who are members of a group, click the actions icon and choose View Members.

...

Creating/Editing Groups

Select Security -> Groups from the menu.

To create a new group click the Create button or copy an existing group by clicking the actions icon in a group’s row and choosing Copy. To edit an existing group, select that group and click the Edit button.

...

Enter the required Group details as described in the table below.

...

Field Name

...

Required

...

Description

...

Group Name

...

Yes

...

The name of the group.

...

Description

...

No

...

A description for the group.

...

Active

...

Yes

...

Whether the group is active or not. Defaults to "Yes".

...

Admin Group

...

Yes

...

Should this group have full admin rights to all of FlexDeploy?

Other permissions are granted later.

Global Permissions

Global Permissions define the authority a group (and its users) has group’s members have for the various objects within FlexDeploy. The FlexDeploy Administrator has Members of Admin Groups have all privileges across the FlexDeploy system. To designate the a group as a FlexDeploy Administrator, select the FlexDeploy Administrator checkbox. Additionally, few permissions are only available to FlexDeploy Administrator users, like setting up Security details (users, groups, realms etc.).

For each FlexDeploy object, select the necessary checkboxes indicating which permissions should be granted to the group. The table below provides a description for the various permission types. Note that each FlexDeploy object may only have subset of these permissions.

...

Permission Type

...

Description

...

Page View

...

Allows opening the pages, but not necessarily seeing any objects on the pages.

...

Read

...

Allows viewing the contents of objects.

...

Update

...

Allows updating the contents of existing objects.

...

Create/Update

...

Allows creating new objects and updating existing objects.

...

Upload

...

Allows uploading file to create new objects.

...

Delete

...

Allows deleting existing objects.

...

Create Snapshot

...

Allows creating release snapshots.

...

Configure Project List

...

Allows managing the projects on releases.

...

Configure Pipeline

...

Allows configuring the pipeline on releases.

...

Configure CMS

...

Allows changing the CMS settings on releases.

...

Manage Lifecycle

...

Allows starting, pausing, and ending releases.

...

Grant Permissions

...

Allows modifying the permissions on releases. This allows some users to have access to certain parts of certain releases.

...

View Tracking

...

Allows viewing webhook messages page.

...

View Message Logs

...

Allows viewing logs of a webhook message.

...

View Message Details

...

Allows viewing of the payload, query params and headers of an incoming webhook message.

...

Resubmit Message

...

Allows resubmitting a webhook message.

Deployment Permissions for Environments

If you wish to configure specific environments where you would like groups to have permission to deploy to, click the 'Deployment Permissions' tab of the Edit Group screen.  Any environments you want the group to have authority to deploy to, shuttle to the 'Selected Environments' side of the the shuttle box.  By default, the 'All Environments' checkbox is checked.

...

Click Save to save updates and navigate back to previous screen. Click Apply to save updates and stay on edit user screen. Click Back to go back to previous screen without saving anythingan Admin Group, use the groups screen.

For other permissions, use the Global Permissions screen to grant access to screens, or rights to view or modify data in FlexDeploy.

To get to Global Permissions, navigate in the menu to Security → Permissions.

...

You can grant full read-only access to FlexDeploy using the Grant Read Only button in the top right. Typically users benefit from being able to see the data on all the screens. This is especially helpful in trouble-shooting scenarios. This does not grant the access to view the plain-text values of secrets stored in FlexDeploy, but it allows users to see that topology isn’t connected properly, or that a workflow wasn’t activated.

...

You can filter using the filter box in the top left to see the permissions for a certain group. Once you do, the rows below that don’t grant any permissions to that group will be hidden. Rows that do will remain. If the user has read-only permission, the row will be there, and you can easily add and write permissions that are available for that row. Not all permissions have separate read and write access.

Permission descriptions are shown below each available permission.