...
| Object Type | Permission | Notes | General Recommendation |
|---|---|---|---|
| Project1 | Read | Project read is allowed, i.e. project can be opened by user. | All Users |
| Project1 | View Logs | Project execution and associated logs can be viewed. | All Users |
| Project1 | Create Folder/Application/Project | Project, folder, application can be created. | Technical Leads |
| Project1 | Configure Folder/Application/Project | Project, folder, application can be configured. | Technical Leads |
| Project1 | Configure Files | Project files can be populated and updated. | Developers, Technical Leads |
| Project1 | Configure Commands | Deployment commands (EBS) can be updated. This should be restricted to admin users. | FD Administrators |
| Project1 | Execute | Project build/deploy/test request can be submitted. Deployment environments are further controlled by Deployment Permissions. | Developers, Technical Leads |
| Project | Page View | Allows access to Project menu. | All Users |
| Approval Setup | Read | Approvals (outside of pipeline) can be read. | All Users |
| Approval Setup | Create / Update | Approvals (outside of pipeline) can be created or updated. | Change Management/Operations |
| Window Setup | Read | Schedule windows (outside of pipeline) can be read. | All Users |
| Window Setup | Create / Update | Schedule windows (outside of pipeline) can be created or updated. | Change Management/Operations |
| Notification Setup | Read | Configured notifications (email) can be read. | All Users |
| Notification Setup | Create / Update | Additional notifications (email) can be created or updated. | All Users |
| Notification Setup | Delete | Additional notifications (email) can be deleted. | All Users |
| Workflow | Read | Workflow (build,deploy, test etc.) can be read. This contains execution code for build and deployment. | All Users |
| Workflow | Create / Update | Workflow (build,deploy, test etc.) can be created or updated. This contains execution code for build and deployment. | FD Administrators |
| Release2 | Read | Release (collection of projects for specific delivery) can be read. | All Users |
| Release2 | Create/Update | Release (collection of projects for specific delivery) can be created or updated. | Change Management/Operations |
| Release2 | Create Snapshot | Create snapshot is process of including build version in to release. Developer can be responsible for this as well. | Developers, Technical Leads |
| Release2 | Configure Project List | Projects and packages can be added or removed from release. | Developers, Technical Leads |
| Release2 | Configure Pipeline | Pipeline can be configured on release with this permission. Access to Override members on Teams tab is also controlled by this permission. | Change Management/Operations |
| Release2 | Configure CMS | Change management system details can be configured on release with this permission. | Change Management/Operations |
| Release2 | Manage Lifecycle | Release start, pause, end actions are allowed with this permission. | Change Management/Operations |
| Release2 | Grant Permissions | Release permission can be changed with this permission, otherwise Administrator users can configure permissions. | FD Administrators |
| Pipeline | Read | Pipeline can be read. Pipeline defined promotion process through various environments. | All Users |
| Pipeline | Update | Pipeline can be created or updated. | FD Administrators |
| Report | Read | Reports can be read. | All Users |
| Environment Instance | Read | Topology object read permission. | All Users |
| Environment Instance | Create / Update | Topology object update permission. Allows update to properties like folder, user, password etc. | FD Administrators |
| Environment | Read | Topology object read permission. | All Users |
| Environment | Create / Update | Topology environment can be created or updated. | FD Administrators |
| Instance | Read | Topology object read permission. | All Users |
| Instance | Create / Update | Deployment target (logical) can be created or updated. | FD Administrators |
| Endpoint | Read | Endpoint (SSH configuration) to connect to target nodes can be read. | All Users |
| Endpoint | Update | Endpoint (SSH configuration) to connect to target nodes can be created or updated. | FD Administrators |
| Scheduled Task | Read | Scheduled task (deployment outside of pipeline waiting for schedule) can be read. | All Users |
| Scheduled Task | Update | Scheduled task (deployment outside of pipeline waiting for schedule) can be overriden, allows immediate run of deployment. | Change Management/Operations |
| Plugin | Read | Plugin details can be read. | All Users |
| Plugin | Upload | Plugin can be uploaded and activated. Generally restricted to Administrators. | FD Administrators |
| Property Set | Read | Configured property details (plugin or workflow based) can be read. Internal details. | All Users |
| Template | Read | Templates can be read. Templates allow creation of projects using CSV input data. | All Users |
| Template | Create / Update | Templates can created or updated. | FD Administrators |
| Defaults | Read | Defaults can be read. Defaults allow some customizable defaults when new objects are created in FlexDeploy. | All Users |
| Defaults | Update | Defaults configuration can be updated. | FD Administrators |
| FlexField | Read | FlexField configurations can be read. FlexFields are custom inputs to build and deploy workflow requests. | All Users |
| FlexField | Update | FlexFields can be configured (enalbed) | FD Administrators |
| Test Type | Read | Test type names can be read. | All Users |
| Test Type | Create / Update | Test type names can be created or updated. | FD Administrators |
| Object Type | Read | Object Type customization details can be read. Customization is restricted to Administrator users. | All Users |
| Testing Tool | Read | Testing tools configurations can be read. | All Users |
| Testing Tool | Create / Update | Cutom testing tools configurations can be created or updated. | FD Administrators |
| Issue Tracking System | Read | Issue tracking system configurations can be read. | All Users |
| Issue Tracking System | Update | Global configurations for Issue Tracking Systems can be updated. | FD Administrators |
| Change Management System | Read | Change management system configurations can be read. | All Users |
| Change Management System | Update | Global configurations for change management systems can be updated. | FD Administrators |
| Cloud Account | Read | Cloud Account details can be read. | All Users |
| Cloud Account | Create / Update | Cloud Account can be created or updated. | FD Administrators |
| Artifact Repository Account | Read | Artifact Repository Account details can be read. | All Users |
| Artifact Repository Account | Create / Update | Artifact Repository Account can be created or updated. | FD Administrators |
| CI Server Account | Read | CI Server Account details can be read. | All Users |
| CI Server Account | Create / Update | CI Server Account can be created or updated. | All Users |
| Analysis Tool Account | Read | Analysis Tool Account details can be read. | All Users |
| Analysis Tool Account | Create / Update | Analysis Tool Account can be created or updated. | All Users |
| Other Tools Account | Read | Other Tools Account details can be read. | FD Administrators, DBA, Middleware Administrators |
| Other Tools Account | Create / Update | Other Tools Account can be created or updated. | FD Administrators, DBA, Middleware Administrators |
| Account Provider | Read | Account providers for cloud accounts can be read. | All Users |
| Account Provider | Create / Update | Account providers (custom) for cloud accounts can be created or updated. | All Users |
| User | Read | User information can be read. Users management is restricted to Administrator users. | All Users |
| Group | Read | Group information can be read. Group management is restricted to Administrator users. | All Users |
| Realm | Read | Realm information can be read. Realm configuration is restricted to Administrator users. | All Users |
| Credential | Read | Credential details can be read. Note that secret text like password can never be read in clear text, hence you can only see details necessary to request credential from store. | All Users |
| Credential | Create / Update | Credential details including secret text like password can be be entered. | FD Administrators, DBA, Middleware Administrators |
| Credential | Delete | Credential can be deleted if not used. | FD Administrators, DBA, Middleware Administrators |
| Credential Store | Read | Credential store details can be read. Management of stores is restricted for Administrators. | All Users |
| Credential Store Provider | Read | Credential store providers can be read. Management of store providers is restricted for Administrators. | All Users |
| Webhook Functions | Read | Webhook functions can be read. | All Users |
| Webhook Functions | Create / Update | Webhook functions can be created or updated. | Technical Leads, Developers |
| Webhook Functions | Delete | Webhook functions can be deleted. | Technical Leads |
| Webhook Providers | Read | Webhook providers can be viewed. | All Users |
| Webhook Providers | Create / Update | Webhook providers can be created or updated. | Technical Leads, Developers |
| Webhook Messages | View Tracking | Webhook messages screen can be viewed. | All Users |
| Webhook Messages | View Message Logs | Webhook message logs can be viewed. | Technical Leads, Developers |
| Webhook Messages | View Message Details | Webhook message payload, query params and headers can be viewed. | Technical Leads, Developers |
| Webhook Messages | Resubmit Message | Webhook message can be resubmitted. | Technical Leads, Developers |
| Deployment Permissions | Allows control which environments user is allowed to perform deployment. |
...