Permission management - Alibaba Cloud DevOps - Alibaba Cloud Documentation Center

You can grant permissions to team members to maintain smooth business operations and ensure the security of enterprise information. To do this, you can grant global permissions to each role in your team, or grant permissions to specific pipelines or host groups.

Role permissions

Create a role and grant permissions to the role

Log on to the Alibaba Cloud DevOps Flow console. In the left navigation pane, click Global Settings. On the page that appears, click Enterprise role permissions. On the Role Permissions page, view and grant specific permissions to each role. You can configure and add roles and permissions based on your business requirements. 莫小@1x (7)

The configurable types of role permissions

Permission point	Sub-permission point	Description
Global Settings	Create Roles	Manage roles in global settings.
	Modify Role Permissions
	Delete Roles
Pipelines	Create Pipelines	Operation permissions for pipelines.
	Manage Pipelines
	View All Pipelines
Host Groups	Create Host Groups	Operation permissions for host groups.
	Manage Host Groups
Service Connections	Create Service Connections	Operation permissions to manage services on Alibaba Cloud, such as Elastic Compute Service (ECS) and Object Storage Service (OSS).
	Manage Service Connections
Pipeline Templates	Create Pipeline Templates	Operation permissions for pipeline template management.
	Manage Service Connections
Variable Groups	Create Variable Groups	Operation permissions for common variable groups. For more information, see environment variables.
	Manage Variables Groups
Tag Categories	Create Tag Categories	Operation permissions for tag categories.
	Manage Tag Categories
Tags	Create Tags	Operation permissions for tags.
	Manage Tags
Steps	Manage Steps	Operation permissions for step management.
Job Management	Create Job Groups	Operation permissions for job management.
	Manage Job Groups
Build Clusters	Create Build Clusters	Operation permissions for build clusters.
	Manage Build Clusters
Enterprise Maven Configurations	Manage Enterprise Maven Configurations	Set up custom Maven configurations in organization settings.
Pipeline Groups	Manage Pipeline Groups	Boost efficiency and security by permission management for pipeline groups and members, which allows for better oversight of development, testing, and production environments.
Kubernetes Clusters	Create Kubernetes Clusters	Manage Kubernetes clusters and usage permissions.
	Manage Kubernetes Clusters
General Settings	Visibility Management	View pipelines or pipeline groups that you have permission to access.
	Manage SSH Public Key of Organization	When you configure code sources, you can use or reset the public key of the organization.
Resource Usage	View Resource Usage	View the resource information of the pipeline.
	Download Resource Usage

Assign a role to a team member
Log on to the Alibaba Cloud DevOps workbench. In the left navigation pane, click Organization Settings. On the page that appears, click Members. In the member list, specify Roles for the team member.

Pipeline member permissions

Log on to the Flow console, select the pipeline that you want to configure in the My Pipelines list. On the page that appears, click the icon in the upper right corner, and then click Configure Pipeline. In the dialog that appears, click Member Permissions, find the member you want to configure from the member list, and then grant permissions to the member.

Group@1x

The following table shows the permission details for different roles and groups:

	Owner permission	All permissions	Run permission	View permission
View pipelines	✔︎	✔︎	✔︎	✔︎
Edit pipelines	✔︎	✔︎	✘	✘
Delete pipelines	✔︎	✔︎	✘	✘
Run pipelines	✔︎	✔︎	✔︎	✘
Add members	✔︎	✔︎	✘	✘

Pipeline group permissions

Log on to the Flow console. In the left navigation pane, click the group that you want to configure. On the page that appears, click the member icon at the top, and assign permissions to the selected member in the member list.

Group@1x

The following table shows the permission details for different roles and groups:

	All permissions	Run permission	View permission
View pipelines in the group	✔︎	✔︎	✔︎
Edit pipelines in the group	✔︎	✘	✘
Delete pipelines in the group	✔︎	✘	✘
Run pipelines in the group	✔︎	✔︎	✘
Add members to pipelines in the group	✔︎	✘	✘
Add members to the group	✔︎	✘	✘

The permission configurations for pipeline groups and their individual pipelines adhere to the following rules:

If permissions are granted to a member at the group level but not to an individual pipeline within the group, the permissions of the member for the pipeline inherit from the group.
If the permissions of a member are granted both at the group level and for a specific pipeline within the group, the permissions for the pipeline are determined by the higher permission scope.
To move a pipeline to a group, you must have full permissions for the pipeline.
With full permissions for a pipeline group, you can add group members, create pipelines within the group, and move pipelines to the group.

Host group member permissions

Log on to the Flow console. In the left navigation pane, click Global Settings. On the page that appears, click Host Group Management, select the host group that you want to configure, and then click Invite in the upper right corner of the host group list. In the dialog box that appears, add the members and assign the corresponding roles to them.

莫小@1x (13)

The following table lists the specific role permissions for different roles and groups:

	Administrator	User
Use host groups	✔︎	✔︎
Edit host groups	✔︎	✘
Delete host groups	✔︎	✘
Add members	✔︎	✘