Wiki source code of Users and roles
Version 8.1 by Boris Folgmann on 2026/05/20 13:13
Hide last authors
| author | version | line-number | content |
|---|---|---|---|
 |
1.1 | 1 | {{toc depth="1"/}} |
| 2 | |||
| 3 | = Role Model = | ||
| 4 | |||
| |
7.2 | 5 | == Portal Roles == |
| 6 | |||
| |
8.1 | 7 | |=Portal Role|=Description |
| 8 | |((( | ||
| 9 | Admin | ||
| 10 | )))|Admins have full-access. They can //create//, //edit //and //delete //all kinds of entities, like users, projects, organizations, technical users and roles. Therefore, they can also add additional admins who have the same privileges. The last Admin cannot remove himself. | ||
| 11 | |((( | ||
| 12 | Creator | ||
| 13 | )))|Creators can //create //all kinds of entities like users, projects, organizations and technical users. When a Creator creates a new project he is automatically assigned an admin role in the project, which allows him to add more members. | ||
| 14 | |((( | ||
| 15 | User | ||
| 16 | )))|All other users are simply called users. They can be assigned any role in projects. | ||
| |
7.2 | 17 | |
| |
7.1 | 18 | == Project Roles == |
| 19 | |||
| |
1.1 | 20 | Each user who is a member of a project has to be in //exactly one// Project Role. Therefore it is not possible to have no or multiple roles in a project. |
| 21 | |||
| 22 | Different roles have different sets of permissions. Possible roles are: | ||
| 23 | |||
| |
7.2 | 24 | (% class="responsive-table" %) |
| 25 | (% class="active" %)|=((( | ||
| |
1.1 | 26 | Role |
| |
5.1 | 27 | )))|=((( |
| |
6.3 | 28 | Description |
| |
1.1 | 29 | ))) |
| |
5.1 | 30 | |((( |
| |
1.1 | 31 | Admin |
| |
5.1 | 32 | )))|((( |
| |
6.3 | 33 | Full access, even to potentially dangerous operations like deleting content in the Project. Can administer Project Members and Roles. |
| |
1.1 | 34 | ))) |
| |
5.1 | 35 | |((( |
| |
1.1 | 36 | Master |
| |
6.3 | 37 | )))|Elevated write acccess, excluding potentially dangerous operations which can lead to massive data loss or other unrevertable changes. |
| |
5.1 | 38 | |((( |
| |
1.1 | 39 | Developer |
| |
5.1 | 40 | )))|((( |
| |
7.1 | 41 | General read-write access to contribute to the Project |
| |
1.1 | 42 | ))) |
| |
5.1 | 43 | |((( |
| |
1.1 | 44 | Viewer |
| |
5.1 | 45 | )))|((( |
| |
1.1 | 46 | Read-only access to all not security-relevant data in the Project |
| 47 | ))) | ||
| 48 | |||
| 49 | Currently, the role assignment is applied for all tools within one project. | ||
| 50 | |||
| 51 | {{info}} | ||
| 52 | Note: | ||
| 53 | To ensure the integrity of the applications in the context of the managed service, no customer user is allowed to get system admin permissions for the tools. The maximum permissions for a customer user is the "Project Admin" role as described here | ||
| 54 | {{/info}} | ||
| 55 | |||
| |
5.1 | 56 | = User Permissions in DevOps Portal = |
| |
1.1 | 57 | |
| |
5.1 | 58 | |=((( |
| |
1.1 | 59 | Role Type |
| |
5.1 | 60 | )))|=(% colspan="3" rowspan="1" %)((( |
| 61 | Portal Role | ||
| 62 | )))|=(% rowspan="23" %) |=(% colspan="4" %)((( | ||
| |
1.1 | 63 | Project Role |
| 64 | ))) | ||
| |
5.1 | 65 | |((( |
| |
1.1 | 66 | **Role Name** |
| |
5.1 | 67 | )))|((( |
| |
1.1 | 68 | **User** |
| |
5.1 | 69 | )))|((( |
| |
1.1 | 70 | **Admin** |
| |
5.1 | 71 | )))|((( |
| 72 | **Creator ** | ||
| 73 | )))|((( | ||
| |
1.1 | 74 | **Viewer** |
| |
5.1 | 75 | )))|((( |
| |
1.1 | 76 | **Developer** |
| |
5.1 | 77 | )))|((( |
| |
1.1 | 78 | **Master** |
| |
5.1 | 79 | )))|((( |
| |
1.1 | 80 | **Admin** |
| 81 | ))) | ||
| |
5.1 | 82 | |Login to DevOps Portal|✅|✅|✅|✅|✅|✅|✅ |
| 83 | |Logout from DevOps Portal|✅|✅|✅|✅|✅|✅|✅ | ||
| 84 | |Change my password|✅|✅|✅|✅|✅|✅|✅ | ||
| 85 | |Reset forgotten password|✅|✅|✅|✅|✅|✅|✅ | ||
| 86 | |Display list of users|✅|✅|✅|✅|✅|✅|✅ | ||
| 87 | |Search for user |✅|✅|✅|✅|✅|✅|✅ | ||
| 88 | |Add or remove "Corporate Admin" role to user |❌|✅|❌|❌|❌|❌|❌ | ||
| 89 | |Create User|❌|✅|✅|❌|❌|❌|❌ | ||
| 90 | |Delete User|❌|✅|❌|❌|❌|❌|❌ | ||
| 91 | |Lock User|❌|✅|❌|❌|❌|❌|❌ | ||
| 92 | |Unlock User|❌|✅|❌|❌|❌|❌|❌ | ||
| 93 | |Send invitation mail for first login|❌|✅|❌|❌|❌|❌|❌ | ||
| 94 | |Display list of projects |❌|✅|❌|⚠ Only his projects|⚠ Only his projects|⚠ Only his projects|⚠ Only his projects | ||
| 95 | |Search for project |❌|✅|❌|⚠ Only his projects|⚠ Only his projects|⚠ Only his projects|⚠ Only his projects | ||
| 96 | |Create project |❌|✅|✅|❌|❌|❌|❌ | ||
| 97 | |Delete project|❌|✅|❌|❌|❌|❌|❌ | ||
| 98 | |Retire project |❌|✅|❌|❌|❌|❌|⚠ Only his projects | ||
| 99 | |Reactivate project|❌|✅|❌|❌|❌|❌|⚠ Only his projects | ||
| 100 | |Add User to Project|❌|✅|❌|❌|❌|❌|⚠ Only his projects | ||
| 101 | |Remove User from Project|❌|✅|❌|❌|❌|❌|⚠ Only his projects | ||
| 102 | |Display used storage by project/tool or total|❌|✅|❌|⚠ Only his projects|⚠ Only his projects|⚠ Only his projects|⚠ Only his projects | ||
| |
1.1 | 103 | |
| 104 | = JIRA Project Roles / Permission Scheme = | ||
| 105 | |||
| 106 | In JIRA the Project Roles are first added to Security / Project Roles and then they get their Permissions assigned in the SDCloud Permission Scheme which has to associated later with the Jira Projects. | ||
| 107 | |||
| |
5.1 | 108 | |=((( |
| |
1.1 | 109 | Permission / Role |
| |
5.1 | 110 | )))|=((( |
| |
1.1 | 111 | Admin |
| |
5.1 | 112 | )))|=((( |
| |
1.1 | 113 | Master |
| |
5.1 | 114 | )))|=((( |
| |
1.1 | 115 | Developer |
| |
5.1 | 116 | )))|=((( |
| |
1.1 | 117 | Viewer |
| 118 | ))) | ||
| |
5.1 | 119 | |=(% colspan="1" %)((( |
| |
1.1 | 120 | Project Permissions |
| |
5.1 | 121 | )))|(% colspan="1" %)((( |
| |
1.1 | 122 | |
| |
5.1 | 123 | )))|(% colspan="1" %)((( |
| |
1.1 | 124 | |
| |
5.1 | 125 | )))|(% colspan="1" %)((( |
| |
1.1 | 126 | |
| |
5.1 | 127 | )))|(% colspan="1" %)((( |
| |
1.1 | 128 | |
| 129 | ))) | ||
| 130 | |Administer projects | ||
| 131 | Enabled Extended project administration|✅|❌|❌|❌ | ||
| 132 | |Browse projects|✅|✅|✅|✅ | ||
| 133 | |Manage sprints|✅|✅|❌|❌ | ||
| 134 | |Service Desk Agent|✅|✅|✅|❌ | ||
| 135 | |View development tool|✅|✅|✅|✅ | ||
| 136 | |View (read-only) workflow|✅|✅|✅|✅ | ||
| |
5.1 | 137 | |=Issue Permissions| | | | |
| |
1.1 | 138 | |Assign issues|✅|✅|✅|❌ |
| 139 | |Assignable user|✅|✅|✅|❌ | ||
| 140 | |Close issues|✅|✅|❌|❌ | ||
| 141 | |Create issues|✅|✅|✅|❌ | ||
| 142 | |Delete issues|✅|❌|❌|❌ | ||
| 143 | |Edit issues|✅|✅|✅|❌ | ||
| 144 | |Link issues|✅|✅|✅|❌ | ||
| 145 | |Modify reporter|✅|✅|❌|❌ | ||
| 146 | |Move issues|✅|✅|❌|❌ | ||
| 147 | |Resolve issues|✅|✅|✅|❌ | ||
| 148 | |Schedule issues|✅|✅|❌|❌ | ||
| 149 | |Set issues security|✅|❌|❌|❌ | ||
| 150 | |Transition issues|✅|✅|✅|❌ | ||
| |
5.1 | 151 | |=(% colspan="1" %)Voters & watchers permissions|(% colspan="1" %) |(% colspan="1" %) |(% colspan="1" %) |(% colspan="1" %) |
| |
3.1 | 152 | |Manage watcher list|✅|✅|❌|❌ |
| |
1.1 | 153 | |View voters and watchers|✅|✅|✅|❌ |
| |
5.1 | 154 | |=(% colspan="1" %)Comments permissions|(% colspan="1" %) |(% colspan="1" %) |(% colspan="1" %) |(% colspan="1" %) |
| |
1.1 | 155 | |Add comments|✅|✅|✅|❌ |
| 156 | |Delete all comments|✅|❌|❌|❌ | ||
| 157 | |Delete own comments|✅|✅|✅|❌ | ||
| 158 | |Edit all comments|✅|❌|❌|❌ | ||
| 159 | |Edit own comments|✅|✅|✅|❌ | ||
| |
5.1 | 160 | |=(% colspan="1" %)Attachments permissions|(% colspan="1" %) |(% colspan="1" %) |(% colspan="1" %) |(% colspan="1" %) |
| |
1.1 | 161 | |Create attachments|✅|✅|✅|❌ |
| 162 | |Delete all attachments|✅|❌|❌|❌ | ||
| 163 | |Delete own attachments|✅|✅|✅|❌ | ||
| |
5.1 | 164 | |=(% colspan="1" %)Time-tracking Permissions|(% colspan="1" %) |(% colspan="1" %) |(% colspan="1" %) |(% colspan="1" %) |
| |
1.1 | 165 | |Work on issues|✅|✅|✅|❌ |
| 166 | |Delete all worklogs|✅|❌|❌|❌ | ||
| 167 | |Delete own worklogs|✅|✅|✅|❌ | ||
| 168 | |Edit all worklogs|✅|❌|❌|❌ | ||
| 169 | |Edit own worklogs|✅|✅|✅|❌ | ||
| 170 | |||
| 171 | * Service Desk Agent is only available if the software was added to JIRA | ||
| 172 | |||
| 173 | = Confluence Project Roles = | ||
| 174 | |||
| |
5.1 | 175 | See vendor documentation for the exact meaning: [[https:~~/~~/confluence.atlassian.com/doc/space-permissions-overview-139521.html>>url:https://confluence.atlassian.com/doc/space-permissions-overview-139521.html]]. |
| |
1.1 | 176 | |
| |
5.1 | 177 | |=((( |
| |
1.1 | 178 | Space |
| |
5.1 | 179 | )))|=(% colspan="2" %)((( |
| |
1.1 | 180 | All |
| |
5.1 | 181 | )))|=(% colspan="2" %)((( |
| |
1.1 | 182 | Pages |
| |
5.1 | 183 | )))|=(% colspan="2" %)((( |
| |
1.1 | 184 | Blog |
| |
5.1 | 185 | )))|=(% colspan="2" %)((( |
| |
1.1 | 186 | Attachments |
| |
5.1 | 187 | )))|=(% colspan="2" %)((( |
| |
1.1 | 188 | Comments |
| |
5.1 | 189 | )))|=((( |
| |
1.1 | 190 | Restrictions |
| |
5.1 | 191 | )))|=((( |
| |
1.1 | 192 | |
| |
5.1 | 193 | )))|=(% colspan="2" %)((( |
| |
1.1 | 194 | Space |
| 195 | ))) | ||
| 196 | |=(% colspan="1" %)Role/Operation|(% colspan="1" %)View|(% colspan="1" %)Delete Own|(% colspan="1" %)Add|(% colspan="1" %)Delete|(% colspan="1" %)Add|(% colspan="1" %)Delete|(% colspan="1" %)Add|(% colspan="1" %)Delete|(% colspan="1" %)Add|(% colspan="1" %)Delete|(% colspan="1" %)Add/Delete|(% colspan="1" %)Delete|(% colspan="1" %)Export|(% colspan="1" %)Admin | ||
| 197 | |=Admin|✅|✅|✅|✅|✅|✅|✅|✅|✅|✅|✅|✅|✅|✅ | ||
| 198 | |=Master|✅|✅|✅|❌|✅|❌|✅|❌|✅|✅|✅|❌|✅|❌ | ||
| 199 | |=Developer|✅|✅|✅|❌|❌|❌|✅|❌|✅|❌|❌|❌|❌|❌ | ||
| 200 | |=Viewer|✅|❌|❌|❌|❌|❌|❌|❌|❌|❌|❌|❌|❌|❌ | ||
| 201 | |||
| 202 | = Bitbucket Project Roles = | ||
| 203 | |||
| |
5.1 | 204 | |=((( |
| |
1.1 | 205 | |
| |
5.1 | 206 | )))|=((( |
| 207 | Browse | ||
| 208 | )))|=((( | ||
| 209 | Clone / Pull | ||
| 210 | )))|=(% colspan="1" %)((( | ||
| 211 | Create, browse, comment on pull request | ||
| 212 | )))|=(% colspan="1" %)((( | ||
| 213 | Merge pull request | ||
| 214 | )))|=(% colspan="1" %)((( | ||
| 215 | Push | ||
| 216 | )))|=(% colspan="1" %)((( | ||
| 217 | Create repositories | ||
| 218 | )))|=(% colspan="1" %)((( | ||
| 219 | Edit settings / permissions | ||
| |
1.1 | 220 | ))) |
| 221 | |Admin|✅|✅|✅|✅|✅|✅|✅ | ||
| |
4.1 | 222 | |Master|✅|✅|✅|✅|✅|✅|❌ |
| |
1.1 | 223 | |Developer|✅|✅|✅|✅|✅|❌|❌ |
| 224 | |Viewer|✅|✅|✅|❌|❌|❌|❌ | ||
| 225 | |||
| 226 | //Repository permissions are inherited from project permissions.// | ||
| 227 | |||
| 228 | = Jenkins Project Roles = | ||
| 229 | |||
| |
5.1 | 230 | |=(% colspan="1" %)((( |
| |
1.1 | 231 | Permission |
| |
5.1 | 232 | )))|=((( |
| |
1.1 | 233 | Role |
| |
5.1 | 234 | )))|=((( |
| |
1.1 | 235 | Admin |
| |
5.1 | 236 | )))|=((( |
| |
1.1 | 237 | Master |
| |
5.1 | 238 | )))|=((( |
| |
1.1 | 239 | Developer |
| |
5.1 | 240 | )))|=((( |
| |
1.1 | 241 | Viewer |
| |
5.1 | 242 | )))|=(% colspan="1" %)((( |
| |
1.1 | 243 | Authenticated Users |
| |
5.1 | 244 | )))|=(% colspan="1" %)((( |
| |
1.1 | 245 | Anonymous Users |
| |
5.1 | 246 | )))|=(% colspan="1" %)((( |
| |
1.1 | 247 | Prometheus Tech User |
| 248 | ))) | ||
| 249 | |=(% rowspan="5" %)Credentials|Create|✅|✅|❌|❌|❌|❌|❌ | ||
| 250 | |Delete|✅|❌|❌|❌|❌|❌|❌ | ||
| 251 | |Manage Domains|✅|❌|❌|❌|❌|❌|❌ | ||
| 252 | |Update|✅|✅|❌|❌|❌|❌|❌ | ||
| 253 | |View|✅|✅|✅|❌|❌|❌|❌ | ||
| 254 | |=(% rowspan="10" %)Job|Build|✅|✅|✅|❌|❌|❌|❌ | ||
| 255 | |Cancel|✅|✅|❌|❌|❌|❌|❌ | ||
| 256 | |Configure|✅|✅|❌|❌|❌|❌|❌ | ||
| 257 | |Create|✅|✅|❌|❌|❌|❌|❌ | ||
| 258 | |Delete|✅|❌|❌|❌|❌|❌|❌ | ||
| 259 | |Discover|✅|✅|✅|✅|❌|❌|❌ | ||
| 260 | |ExtendedRead| | | | | | | | ||
| 261 | |Move|✅|❌|❌|❌|❌|❌|❌ | ||
| 262 | |Read|✅|✅|✅|✅|❌|❌|❌ | ||
| |
2.1 | 263 | |Workspace|✅|✅|✅|❌|❌|❌|❌ |
| |
1.1 | 264 | |=(% rowspan="3" %)Run|Delete|✅|❌|❌|❌|❌|❌|❌ |
| 265 | |Replay|✅|✅|✅|❌|❌|❌|❌ | ||
| 266 | |Update|✅|✅|✅|❌|❌|❌|❌ | ||
| 267 | |=Job Config History|DeleteEntry| | | | | | | | ||
| 268 | |=SCM|Tag|✅|✅|❌|❌|❌|❌|❌ | ||
| 269 | |=Metrics|HealthCheck| | | | | | | | ||
| 270 | | |ThreadDump| | | | | | | | ||
| 271 | | |View| | | | | | | | ||
| 272 | |||
| 273 | = GitLab = | ||
| 274 | |||
| 275 | Users are assigned to Groups in GitLab with the following roles assignment. Permissions within subordinated Subgroups and GitLab Projects are inherited. | ||
| 276 | |||
| |
5.1 | 277 | |=((( |
| |
1.1 | 278 | Project Role |
| 279 | )))|=((( | ||
| 280 | GitLab Group Members Permission | ||
| 281 | ))) | ||
| 282 | |((( | ||
| 283 | Viewer | ||
| 284 | )))|((( | ||
| 285 | Reporter | ||
| 286 | ))) | ||
| 287 | |((( | ||
| 288 | Developer | ||
| 289 | )))|((( | ||
| 290 | Developer | ||
| 291 | ))) | ||
| 292 | |(% colspan="1" %)((( | ||
| 293 | Master | ||
| 294 | )))|(% colspan="1" %)((( | ||
| 295 | Maintainer | ||
| 296 | ))) | ||
| 297 | |(% colspan="1" %)((( | ||
| 298 | Admin | ||
| 299 | )))|(% colspan="1" %)((( | ||
| 300 | Owner | ||
| 301 | ))) | ||
| 302 | |||
| |
5.1 | 303 | Regarding permissions for Group Permissions in GitLab, see [[https:~~/~~/docs.gitlab.com/ee/user/permissions.html#group-members-permissions>>url:https://docs.gitlab.com/ee/user/permissions.html#group-members-permissions]]. |
| |
1.1 | 304 | |
| 305 | = Harbor Project Roles = | ||
| 306 | |||
| 307 | Harbor manages images through projects. You provide access to these images to users by including the users in projects and assigning one of the following roles to them: | ||
| 308 | |||
| |
5.1 | 309 | |=((( |
| |
1.1 | 310 | Harbor |
| 311 | )))|=((( | ||
| 312 | Portal | ||
| 313 | )))|= | ||
| 314 | |=Role Name|=Role Id|=Project Role | ||
| 315 | |Project Admin|1|ADMIN | ||
| 316 | |Maintainer|4|MASTER | ||
| 317 | |Developer|2|DEVELOPER | ||
| 318 | |Guest|3|VIEWER | ||
| 319 | |||
| 320 | === Harbor Roles Permissions === | ||
| 321 | |||
| |
5.1 | 322 | |=((( |
| |
1.1 | 323 | Action |
| 324 | )))|=((( | ||
| 325 | Limited Guest | ||
| 326 | )))|=((( | ||
| 327 | Guest | ||
| 328 | )))|=((( | ||
| 329 | Developer | ||
| 330 | )))|=((( | ||
| 331 | Maintainer | ||
| 332 | )))|=((( | ||
| 333 | Project Admin | ||
| 334 | ))) | ||
| 335 | |See the project configurations|✅|✅|✅|✅|✅ | ||
| 336 | |Edit the project configurations|❌|❌|❌|❌|✅ | ||
| 337 | |See a list of project members| |✅|✅|✅|✅ | ||
| 338 | |Create/edit/delete project members|❌|❌|❌|❌|✅ | ||
| 339 | |See a list of project logs|✅|✅|✅|✅|❌ | ||
| 340 | |See a list of project replications|❌|❌|❌|✅|✅ | ||
| 341 | |See a list of project replication jobs|❌|❌|❌|❌|✅ | ||
| 342 | |See a list of project labels|❌|❌|❌|✅|✅ | ||
| 343 | |Create/edit/delete project labels|❌|❌|❌|✅|✅ | ||
| 344 | |See a list of repositories|✅|✅|✅|✅|✅ | ||
| 345 | |Create repositories|❌|❌|✅|✅|✅ | ||
| 346 | |Edit/delete repositories|❌|❌|❌|✅|✅ | ||
| 347 | |See a list of images|✅|✅|✅|✅|✅ | ||
| 348 | |Retag image|❌|✅|✅|✅|✅ | ||
| 349 | |Pull image|✅|✅|✅|✅|✅ | ||
| 350 | |Push image|❌|❌|✅|✅|✅ | ||
| 351 | |Scan/delete image|❌|❌|❌|✅|✅ | ||
| 352 | |Add scanners to Harbor *|❌|❌|❌|❌|❌ | ||
| 353 | |Edit scanners in projects|❌|❌|❌|❌|✅ | ||
| 354 | |See a list of image vulnerabilities|✅|✅|✅|✅|✅ | ||
| 355 | |Create list of project vulnerabilities|❌|❌|✅|✅|✅ | ||
| 356 | |Read list of project vulnerabilities|❌|❌|✅|✅|✅ | ||
| 357 | |Export list of project vulnerabilities|❌|❌|✅|✅|✅ | ||
| 358 | |See image build history|✅|✅|✅|✅|✅ | ||
| 359 | |Add/Remove labels of image|❌|❌|✅|✅|✅ | ||
| 360 | |See a list of helm charts|✅|✅|✅|✅|✅ | ||
| 361 | |Download helm charts|✅|✅|✅|✅|✅ | ||
| 362 | |Upload helm charts|❌|❌|✅|✅|✅ | ||
| 363 | |Delete helm charts|❌|❌|❌|✅|✅ | ||
| 364 | |See a list of helm chart versions|✅|✅|✅|✅|✅ | ||
| 365 | |Download helm chart versions|✅|✅|✅|✅|✅ | ||
| 366 | |Upload helm chart versions|❌|❌|✅|✅|✅ | ||
| 367 | |Delete helm chart versions|❌|❌|❌|✅|✅ | ||
| 368 | |Add/Remove labels of helm chart version|❌|❌|✅|✅|✅ | ||
| 369 | |See a list of project robots|❌|❌|❌|✅|✅ | ||
| 370 | |Create/edit/delete project robots|❌|❌|❌|❌|✅ | ||
| 371 | |See configured CVE allowlist|✅|✅|✅|✅|✅ | ||
| 372 | |Create/edit/remove CVE allowlist|❌|❌|❌|❌|✅ | ||
| 373 | |View webhook events|❌|❌|❌|✅|✅ | ||
| 374 | |Add new webhook events|❌|❌|❌|❌|✅ | ||
| 375 | |Enable/deactivate webhooks|❌|❌|❌|❌|✅ | ||
| 376 | |Create/delete tag retention rules|❌|❌|✅|✅|✅ | ||
| 377 | |Enable/deactivate tag retention rules|❌|❌|✅|✅|✅ | ||
| 378 | |Create/delete tag immutability rules|❌|❌|❌|✅|✅ | ||
| 379 | |Enable/deactivate tag immutability rules|❌|❌|❌|✅|✅ | ||
| 380 | |See project quotas|✅|✅|✅|✅|✅ | ||
| 381 | |Edit project quotas *|❌|❌|❌|❌|❌ | ||
| 382 | |Delete Project|❌|❌|❌|❌|✅ | ||
| 383 | |||
| 384 | ~* Only the Harbor system administrator can edit project quotas and add new scanners. | ||
| 385 | |||
| 386 | = Gitea = | ||
| 387 | |||
| 388 | Please note, that some terms used in DevOps-as-a-Service have different names in Gitea. Please check the following table to avoid any confusion. | ||
| 389 | |||
| |
5.1 | 390 | |=((( |
| |
1.1 | 391 | DevOps Portal |
| 392 | )))|=((( | ||
| 393 | Gitea | ||
| 394 | ))) | ||
| 395 | |((( | ||
| 396 | Project | ||
| 397 | )))|((( | ||
| 398 | Organization | ||
| 399 | ))) | ||
| 400 | |((( | ||
| 401 | Project Role | ||
| 402 | )))|((( | ||
| 403 | Team | ||
| 404 | ))) | ||
| 405 | |((( | ||
| 406 | Git Repository | ||
| 407 | )))|((( | ||
| 408 | Repository | ||
| 409 | ))) | ||
| 410 | |((( | ||
| 411 | Artifact Repository | ||
| 412 | )))|((( | ||
| 413 | Package | ||
| 414 | ))) | ||
| 415 | |((( | ||
| 416 | Issue Tracking | ||
| 417 | )))|((( | ||
| 418 | Project (currently disabled) | ||
| 419 | ))) | ||
| 420 | |||
| 421 | The **Owner** team has full admin permission in the Organization. This is a technical user used by the DevOps Portal for auto-provisioning. | ||
| 422 | |||
| |
5.1 | 423 | |=((( |
| |
1.1 | 424 | Gitea Role |
| 425 | )))|=((( | ||
| 426 | Portal Project Role | ||
| 427 | )))|=Permissions | ||
| 428 | |((( | ||
| 429 | Viewer | ||
| 430 | )))|Viewer|Read | ||
| 431 | |((( | ||
| 432 | Developer | ||
| 433 | )))|((( | ||
| 434 | Developer | ||
| 435 | )))|Read, Write | ||
| 436 | |(% colspan="1" %)((( | ||
| 437 | Master | ||
| 438 | )))|(% colspan="1" %)Master|Read, Write | ||
| 439 | |(% colspan="1" %)Admin|(% colspan="1" %)Admin|Read, Write, Repository create | ||
| 440 | |||
| 441 | = Nexus Project Roles = | ||
| 442 | |||
| 443 | For each role in a project a role in Nexus is created which includes one Privilege for each repository in the project. | ||
| 444 | |||
| |
5.1 | 445 | |=((( |
| |
1.1 | 446 | Role |
| |
5.1 | 447 | )))|=((( |
| |
1.1 | 448 | Admin |
| |
5.1 | 449 | )))|=((( |
| |
1.1 | 450 | Master |
| |
5.1 | 451 | )))|=((( |
| |
1.1 | 452 | Developer |
| |
5.1 | 453 | )))|=((( |
| |
1.1 | 454 | Viewer |
| 455 | ))) | ||
| |
5.1 | 456 | |((( |
| |
1.1 | 457 | ID |
| |
5.1 | 458 | )))|((( |
| |
1.1 | 459 | PROJECTKEY-admin |
| |
5.1 | 460 | )))|((( |
| |
1.1 | 461 | PROJECTKEY-master |
| |
5.1 | 462 | )))|((( |
| |
1.1 | 463 | PROJECTKEY-developer |
| |
5.1 | 464 | )))|((( |
| |
1.1 | 465 | PROJECTKEY-viewer |
| 466 | ))) | ||
| |
5.1 | 467 | |((( |
| |
1.1 | 468 | Name |
| |
5.1 | 469 | )))|((( |
| |
1.1 | 470 | PROJECTKEY-admin |
| |
5.1 | 471 | )))|((( |
| |
1.1 | 472 | PROJECTKEY-master |
| |
5.1 | 473 | )))|((( |
| |
1.1 | 474 | PROJECTKEY-developer |
| |
5.1 | 475 | )))|((( |
| |
1.1 | 476 | PROJECTKEY-viewer |
| 477 | ))) | ||
| |
5.1 | 478 | |((( |
| |
1.1 | 479 | Privilege |
| |
5.1 | 480 | )))|((( |
| |
1.1 | 481 | PROJECTKEY-docker-admin |
| 482 | |||
| 483 | PROJECTKEY-maven-admin | ||
| 484 | |||
| 485 | PROJECTKEY-//repotype//-admin | ||
| |
5.1 | 486 | )))|((( |
| |
1.1 | 487 | PROJECTKEY-docker-master |
| 488 | |||
| 489 | PROJECTKEY-maven-master | ||
| 490 | |||
| 491 | PROJECTKEY-//repotype//-master | ||
| |
5.1 | 492 | )))|((( |
| |
1.1 | 493 | PROJECTKEY-docker-developer |
| 494 | |||
| 495 | PROJECTKEY-maven-developer | ||
| 496 | |||
| 497 | PROJECTKEY-//repotype//-developer | ||
| |
5.1 | 498 | )))|((( |
| |
1.1 | 499 | PROJECTKEY-docker-viewer |
| 500 | |||
| 501 | PROJECTKEY-maven-viewer | ||
| 502 | |||
| 503 | PROJECTKEY-//repotype//-viewer | ||
| 504 | ))) | ||
| 505 | |||
| 506 | For each role in a project a **Privilege of type Repository Content Selector** is created which combines Content Selector (Project), Repository (Docker Registry) and Actions depending on the role. | ||
| 507 | |||
| |
5.1 | 508 | |=((( |
| |
1.1 | 509 | Privilege / Role |
| |
5.1 | 510 | )))|=((( |
| |
1.1 | 511 | Admin |
| |
5.1 | 512 | )))|=((( |
| |
1.1 | 513 | Master |
| |
5.1 | 514 | )))|=((( |
| |
1.1 | 515 | Developer |
| |
5.1 | 516 | )))|=((( |
| |
1.1 | 517 | Viewer |
| 518 | ))) | ||
| |
5.1 | 519 | |((( |
| |
1.1 | 520 | Name |
| |
5.1 | 521 | )))|((( |
| |
1.1 | 522 | PROJECTKEY-docker-admin |
| |
5.1 | 523 | )))|((( |
| |
1.1 | 524 | PROJECTKEY-docker-master |
| |
5.1 | 525 | )))|((( |
| |
1.1 | 526 | PROJECTKEY-docker-developer |
| |
5.1 | 527 | )))|((( |
| |
1.1 | 528 | PROJECTKEY-docker-viewer |
| 529 | ))) | ||
| |
5.1 | 530 | |((( |
| |
1.1 | 531 | Content Selector |
| |
5.1 | 532 | )))|((( |
| |
1.1 | 533 | PROJECTKEY-docker |
| |
5.1 | 534 | )))|((( |
| |
1.1 | 535 | PROJECTKEY-docker |
| |
5.1 | 536 | )))|((( |
| |
1.1 | 537 | PROJECTKEY-docker |
| |
5.1 | 538 | )))|((( |
| |
1.1 | 539 | PROJECTKEY-docker |
| 540 | ))) | ||
| |
5.1 | 541 | |((( |
| |
1.1 | 542 | Repository |
| |
5.1 | 543 | )))|((( |
| |
1.1 | 544 | docker-registry |
| |
5.1 | 545 | )))|((( |
| |
1.1 | 546 | docker-registry |
| |
5.1 | 547 | )))|((( |
| |
1.1 | 548 | docker-registry |
| |
5.1 | 549 | )))|((( |
| |
1.1 | 550 | docker-registry |
| 551 | ))) | ||
| |
5.1 | 552 | |((( |
| |
1.1 | 553 | Actions |
| |
5.1 | 554 | )))|((( |
| |
1.1 | 555 | delete, add, edit, browse, read |
| |
5.1 | 556 | )))|((( |
| |
1.1 | 557 | add, edit, browse, read |
| |
5.1 | 558 | )))|((( |
| |
1.1 | 559 | add, edit, browse, read |
| |
5.1 | 560 | )))|((( |
| |
1.1 | 561 | browse, read |
| 562 | ))) | ||
| 563 | |||
| |
5.1 | 564 | See [[https:~~/~~/help.sonatype.com/repomanager3/security/privileges>>url:https://help.sonatype.com/repomanager3/nexus-repository-administration/access-control/privileges]] for available Actions. |