Users and roles

= Role Model =

4

5

== Portal Roles ==

6

7

|=Portal Role|=Description

8

|(((

9

Admin

10

)))|Admins have full-access. They can //create//, //edit //and //delete //all kinds of entities, like users, projects, organizations, technical users and roles. Therefore, they can also add additional admins who have the same privileges. The last Admin cannot remove himself.

11

|(((

12

Creator

13

)))|Creators can //create //all kinds of entities like users, projects, organizations and technical users. When a Creator creates a new project he is automatically assigned an admin role in the project, which allows him to add more members.

14

|(((

15

User

16

)))|All other users are simply called users. They can be assigned any role in projects.

== Project Roles ==

Each user who is a member of a project has to be in //exactly one// Project Role. Therefore it is not possible to have no or multiple roles in a project.

21

22

Different roles have different sets of permissions. Possible roles are:

23

24

(% class="responsive-table" %)

25

(% class="active" %)|=(((

Role

)))|=(((

Description

)))

|(((

Admin

)))|(((

Full access, even to potentially dangerous operations like deleting content in the Project. Can administer Project Members and Roles.

)))

|(((

Master

)))|Elevated write acccess, excluding potentially dangerous operations which can lead to massive data loss or other unrevertable changes.

|(((

Developer

)))|(((

General read-write access to contribute to the Project

)))

|(((

Viewer

)))|(((

Read-only access to all not security-relevant data in the Project

47

)))

48

49

Currently, the role assignment is applied for all tools within one project.

Note:

To ensure the integrity of the applications in the context of the managed service, no customer user is allowed to get system admin permissions for the tools. The maximum permissions for a customer user is the "Project Admin" role as described here

54

55

56

= User Permissions in DevOps Portal =

|=(((

Role Type

)))|=(% colspan="3" rowspan="1" %)(((

61

Portal Role

62

)))|=(% rowspan="23" %) |=(% colspan="4" %)(((

Project Role

)))

|(((

**Role Name**

)))|(((

**User**

)))|(((

**Admin**

)))|(((

**Creator **

)))|(((

**Viewer**

)))|(((

**Developer**

)))|(((

**Master**

)))|(((

**Admin**

)))

|Login to DevOps Portal|✅|✅|✅|✅|✅|✅|✅

83

|Logout from DevOps Portal|✅|✅|✅|✅|✅|✅|✅

84

|Change my password|✅|✅|✅|✅|✅|✅|✅

85

|Reset forgotten password|✅|✅|✅|✅|✅|✅|✅

86

|Display list of users|✅|✅|✅|✅|✅|✅|✅

87

|Search for user |✅|✅|✅|✅|✅|✅|✅

88

|Add or remove "Corporate Admin" role to user |❌|✅|❌|❌|❌|❌|❌

89

|Create User|❌|✅|✅|❌|❌|❌|❌

90

|Delete User|❌|✅|❌|❌|❌|❌|❌

91

|Lock User|❌|✅|❌|❌|❌|❌|❌

92

|Unlock User|❌|✅|❌|❌|❌|❌|❌

93

|Send invitation mail for first login|❌|✅|❌|❌|❌|❌|❌

94

95

96

|Create project |❌|✅|✅|❌|❌|❌|❌

97

|Delete project|❌|✅|❌|❌|❌|❌|❌

98

|Retire project |❌|✅|❌|❌|❌|❌|⚠ Only his projects

99

|Reactivate project|❌|✅|❌|❌|❌|❌|⚠ Only his projects

100

|Add User to Project|❌|✅|❌|❌|❌|❌|⚠ Only his projects

101

|Remove User from Project|❌|✅|❌|❌|❌|❌|⚠ Only his projects

102

103

104

= JIRA Project Roles / Permission Scheme =

105

106

In JIRA the Project Roles are first added to Security / Project Roles and then they get their Permissions assigned in the SDCloud Permission Scheme which has to associated later with the Jira Projects.

|=(((

Permission / Role

)))|=(((

Admin

)))|=(((

Master

)))|=(((

Developer

)))|=(((

Viewer

)))

|=(% colspan="1" %)(((

120

Project Permissions

121

)))|(% colspan="1" %)(((

122

123

)))|(% colspan="1" %)(((

124

125

)))|(% colspan="1" %)(((

126

127

)))|(% colspan="1" %)(((

)))

|Administer projects

Enabled Extended project administration|✅|❌|❌|❌

132

|Browse projects|✅|✅|✅|✅

133

|Manage sprints|✅|✅|❌|❌

134

|Service Desk Agent|✅|✅|✅|❌

135

|View development tool|✅|✅|✅|✅

136

|View (read-only) workflow|✅|✅|✅|✅

137

138

|Assign issues|✅|✅|✅|❌

139

|Assignable user|✅|✅|✅|❌

140

|Close issues|✅|✅|❌|❌

141

|Create issues|✅|✅|✅|❌

142

|Delete issues|✅|❌|❌|❌

143

|Edit issues|✅|✅|✅|❌

144

|Link issues|✅|✅|✅|❌

145

|Modify reporter|✅|✅|❌|❌

146

|Move issues|✅|✅|❌|❌

147

|Resolve issues|✅|✅|✅|❌

148

|Schedule issues|✅|✅|❌|❌

149

|Set issues security|✅|❌|❌|❌

150

|Transition issues|✅|✅|✅|❌

151

152

|Manage watcher list|✅|✅|❌|❌

153

|View voters and watchers|✅|✅|✅|❌

154

155

|Add comments|✅|✅|✅|❌

156

|Delete all comments|✅|❌|❌|❌

157

|Delete own comments|✅|✅|✅|❌

158

|Edit all comments|✅|❌|❌|❌

159

|Edit own comments|✅|✅|✅|❌

160

161

|Create attachments|✅|✅|✅|❌

162

|Delete all attachments|✅|❌|❌|❌

163

|Delete own attachments|✅|✅|✅|❌

164

165

|Work on issues|✅|✅|✅|❌

166

|Delete all worklogs|✅|❌|❌|❌

167

|Delete own worklogs|✅|✅|✅|❌

168

|Edit all worklogs|✅|❌|❌|❌

169

|Edit own worklogs|✅|✅|✅|❌

170

171

* Service Desk Agent is only available if the software was added to JIRA

172

173

= Confluence Project Roles =

174

175

See vendor documentation for the exact meaning: [[https:~~/~~/confluence.atlassian.com/doc/space-permissions-overview-139521.html>>url:https://confluence.atlassian.com/doc/space-permissions-overview-139521.html]].

|=(((

Space

)))|=(% colspan="2" %)(((

180

All

181

)))|=(% colspan="2" %)(((

182

Pages

183

)))|=(% colspan="2" %)(((

184

Blog

185

)))|=(% colspan="2" %)(((

186

Attachments

187

)))|=(% colspan="2" %)(((

Comments

)))|=(((

Restrictions

)))|=(((

Mail

)))|=(% colspan="2" %)(((

Space

)))

|=Admin|✅|✅|✅|✅|✅|✅|✅|✅|✅|✅|✅|✅|✅|✅

198

|=Master|✅|✅|✅|❌|✅|❌|✅|❌|✅|✅|✅|❌|✅|❌

199

|=Developer|✅|✅|✅|❌|❌|❌|✅|❌|✅|❌|❌|❌|❌|❌

200

|=Viewer|✅|❌|❌|❌|❌|❌|❌|❌|❌|❌|❌|❌|❌|❌

201

202

= Bitbucket Project Roles =

|=(((

)))|=(((

Browse

)))|=(((

Clone / Pull

)))|=(% colspan="1" %)(((

211

Create, browse, comment on pull request

212

)))|=(% colspan="1" %)(((

213

Merge pull request

214

)))|=(% colspan="1" %)(((

215

Push

216

)))|=(% colspan="1" %)(((

217

Create repositories

218

)))|=(% colspan="1" %)(((

219

Edit settings / permissions

220

)))

221

|Admin|✅|✅|✅|✅|✅|✅|✅

222

|Master|✅|✅|✅|✅|✅|✅|❌

223

|Developer|✅|✅|✅|✅|✅|❌|❌

224

|Viewer|✅|✅|✅|❌|❌|❌|❌

225

226

//Repository permissions are inherited from project permissions.//

227

228

= Jenkins Project Roles =

229

230

|=(% colspan="1" %)(((

Permission

)))|=(((

Role

)))|=(((

Admin

)))|=(((

Master

)))|=(((

Developer

)))|=(((

Viewer

)))|=(% colspan="1" %)(((

243

Authenticated Users

244

)))|=(% colspan="1" %)(((

245

Anonymous Users

246

)))|=(% colspan="1" %)(((

247

Prometheus Tech User

248

)))

249

|=(% rowspan="5" %)Credentials|Create|✅|✅|❌|❌|❌|❌|❌

250

|Delete|✅|❌|❌|❌|❌|❌|❌

251

|Manage Domains|✅|❌|❌|❌|❌|❌|❌

252

|Update|✅|✅|❌|❌|❌|❌|❌

253

|View|✅|✅|✅|❌|❌|❌|❌

254

|=(% rowspan="10" %)Job|Build|✅|✅|✅|❌|❌|❌|❌

255

|Cancel|✅|✅|❌|❌|❌|❌|❌

256

|Configure|✅|✅|❌|❌|❌|❌|❌

257

|Create|✅|✅|❌|❌|❌|❌|❌

258

|Delete|✅|❌|❌|❌|❌|❌|❌

259

|Discover|✅|✅|✅|✅|❌|❌|❌

|Move|✅|❌|❌|❌|❌|❌|❌

|Read|✅|✅|✅|✅|❌|❌|❌

|Workspace|✅|✅|✅|❌|❌|❌|❌

264

|=(% rowspan="3" %)Run|Delete|✅|❌|❌|❌|❌|❌|❌

265

|Replay|✅|✅|✅|❌|❌|❌|❌

266

|Update|✅|✅|✅|❌|❌|❌|❌

267

268

|=SCM|Tag|✅|✅|❌|❌|❌|❌|❌

= GitLab =

Users are assigned to Groups in GitLab with the following roles assignment. Permissions within subordinated Subgroups and GitLab Projects are inherited.

|=(((

Project Role

)))|=(((

GitLab Group Members Permission

)))

|(((

Viewer

)))|(((

Reporter

)))

|(((

Developer

)))|(((

Developer

)))

|(% colspan="1" %)(((

293

Master

294

)))|(% colspan="1" %)(((

295

Maintainer

296

)))

297

|(% colspan="1" %)(((

298

Admin

299

)))|(% colspan="1" %)(((

Owner

)))

Regarding permissions for Group Permissions in GitLab, see [[https:~~/~~/docs.gitlab.com/ee/user/permissions.html#group-members-permissions>>url:https://docs.gitlab.com/ee/user/permissions.html#group-members-permissions]].

304

305

= Harbor Project Roles =

306

307

Harbor manages images through projects. You provide access to these images to users by including the users in projects and assigning one of the following roles to them:

|=(((

Harbor

)))|=(((

Portal

)))|=

|=Role Name|=Role Id|=Project Role

315

|Project Admin|1|ADMIN

316

|Maintainer|4|MASTER

317

|Developer|2|DEVELOPER

318

|Guest|3|VIEWER

319

320

=== Harbor Roles Permissions ===

|=(((

Action

)))|=(((

Limited Guest

)))|=(((

Guest

)))|=(((

Developer

)))|=(((

Maintainer

)))|=(((

Project Admin

)))

|See the project configurations|✅|✅|✅|✅|✅

336

|Edit the project configurations|❌|❌|❌|❌|✅

337

|See a list of project members| |✅|✅|✅|✅

338

|Create/edit/delete project members|❌|❌|❌|❌|✅

339

|See a list of project logs|✅|✅|✅|✅|❌

340

|See a list of project replications|❌|❌|❌|✅|✅

341

|See a list of project replication jobs|❌|❌|❌|❌|✅

342

|See a list of project labels|❌|❌|❌|✅|✅

343

|Create/edit/delete project labels|❌|❌|❌|✅|✅

344

|See a list of repositories|✅|✅|✅|✅|✅

345

|Create repositories|❌|❌|✅|✅|✅

346

|Edit/delete repositories|❌|❌|❌|✅|✅

347

|See a list of images|✅|✅|✅|✅|✅

348

|Retag image|❌|✅|✅|✅|✅

349

|Pull image|✅|✅|✅|✅|✅

350

|Push image|❌|❌|✅|✅|✅

351

|Scan/delete image|❌|❌|❌|✅|✅

352

|Add scanners to Harbor *|❌|❌|❌|❌|❌

353

|Edit scanners in projects|❌|❌|❌|❌|✅

354

|See a list of image vulnerabilities|✅|✅|✅|✅|✅

355

|Create list of project vulnerabilities|❌|❌|✅|✅|✅

356

|Read list of project vulnerabilities|❌|❌|✅|✅|✅

357

|Export list of project vulnerabilities|❌|❌|✅|✅|✅

358

|See image build history|✅|✅|✅|✅|✅

359

|Add/Remove labels of image|❌|❌|✅|✅|✅

360

|See a list of helm charts|✅|✅|✅|✅|✅

361

|Download helm charts|✅|✅|✅|✅|✅

362

|Upload helm charts|❌|❌|✅|✅|✅

363

|Delete helm charts|❌|❌|❌|✅|✅

364

|See a list of helm chart versions|✅|✅|✅|✅|✅

365

|Download helm chart versions|✅|✅|✅|✅|✅

366

|Upload helm chart versions|❌|❌|✅|✅|✅

367

|Delete helm chart versions|❌|❌|❌|✅|✅

368

|Add/Remove labels of helm chart version|❌|❌|✅|✅|✅

369

|See a list of project robots|❌|❌|❌|✅|✅

370

|Create/edit/delete project robots|❌|❌|❌|❌|✅

371

|See configured CVE allowlist|✅|✅|✅|✅|✅

372

|Create/edit/remove CVE allowlist|❌|❌|❌|❌|✅

373

|View webhook events|❌|❌|❌|✅|✅

374

|Add new webhook events|❌|❌|❌|❌|✅

375

|Enable/deactivate webhooks|❌|❌|❌|❌|✅

376

|Create/delete tag retention rules|❌|❌|✅|✅|✅

377

|Enable/deactivate tag retention rules|❌|❌|✅|✅|✅

378

|Create/delete tag immutability rules|❌|❌|❌|✅|✅

379

|Enable/deactivate tag immutability rules|❌|❌|❌|✅|✅

380

|See project quotas|✅|✅|✅|✅|✅

381

|Edit project quotas *|❌|❌|❌|❌|❌

382

|Delete Project|❌|❌|❌|❌|✅

383

384

~* Only the Harbor system administrator can edit project quotas and add new scanners.

= Gitea =

Please note, that some terms used in DevOps-as-a-Service have different names in Gitea. Please check the following table to avoid any confusion.

|=(((

DevOps Portal

)))|=(((

Gitea

)))

|(((

Project

)))|(((

Organization

)))

|(((

Project Role

)))|(((

Team

)))

|(((

Git Repository

)))|(((

Repository

)))

|(((

Artifact Repository

)))|(((

Package

)))

|(((

Issue Tracking

)))|(((

Project (currently disabled)

419

)))

420

421

The **Owner** team has full admin permission in the Organization. This is a technical user used by the DevOps Portal for auto-provisioning.

|=(((

Gitea Role

)))|=(((

Portal Project Role

)))|=Permissions

|(((

Viewer

)))|Viewer|Read

|(((

Developer

)))|(((

Developer

)))|Read, Write

|(% colspan="1" %)(((

437

Master

438

)))|(% colspan="1" %)Master|Read, Write

439

|(% colspan="1" %)Admin|(% colspan="1" %)Admin|Read, Write, Repository create

440

441

= Nexus Project Roles =

442

443

For each role in a project a role in Nexus is created which includes one Privilege for each repository in the project.

|=(((

Role

)))|=(((

Admin

)))|=(((

Master

)))|=(((

Developer

)))|=(((

Viewer

)))

|(((

ID

)))|(((

PROJECTKEY-admin

)))|(((

PROJECTKEY-master

)))|(((

PROJECTKEY-developer

)))|(((

PROJECTKEY-viewer

)))

|(((

Name

)))|(((

PROJECTKEY-admin

)))|(((

PROJECTKEY-master

)))|(((

PROJECTKEY-developer

)))|(((

PROJECTKEY-viewer

)))

|(((

Privilege

)))|(((

PROJECTKEY-docker-admin

482

483

PROJECTKEY-maven-admin

484

485

PROJECTKEY-//repotype//-admin

486

)))|(((

487

PROJECTKEY-docker-master

488

489

PROJECTKEY-maven-master

490

491

PROJECTKEY-//repotype//-master

492

)))|(((

493

PROJECTKEY-docker-developer

494

495

PROJECTKEY-maven-developer

496

497

PROJECTKEY-//repotype//-developer

498

)))|(((

499

PROJECTKEY-docker-viewer

500

501

PROJECTKEY-maven-viewer

502

503

PROJECTKEY-//repotype//-viewer

504

)))

505

506

For each role in a project a **Privilege of type Repository Content Selector** is created which combines Content Selector (Project), Repository (Docker Registry) and Actions depending on the role.

|=(((

Privilege / Role

)))|=(((

Admin

)))|=(((

Master

)))|=(((

Developer

)))|=(((

Viewer

)))

|(((

Name

)))|(((

PROJECTKEY-docker-admin

523

)))|(((

524

PROJECTKEY-docker-master

525

)))|(((

526

PROJECTKEY-docker-developer

527

)))|(((

528

PROJECTKEY-docker-viewer

)))

|(((

Content Selector

)))|(((

PROJECTKEY-docker

)))|(((

PROJECTKEY-docker

)))|(((

PROJECTKEY-docker

)))|(((

PROJECTKEY-docker

)))

|(((

Repository

)))|(((

docker-registry

)))|(((

docker-registry

)))|(((

docker-registry

)))|(((

docker-registry

)))

|(((

Actions

)))|(((

delete, add, edit, browse, read

556

)))|(((

557

add, edit, browse, read

558

)))|(((

559

add, edit, browse, read

)))|(((

browse, read

)))

See [[https:~~/~~/help.sonatype.com/repomanager3/security/privileges>>url:https://help.sonatype.com/repomanager3/nexus-repository-administration/access-control/privileges]] for available Actions.

Wiki source code of Users and roles

DevOps-as-a-Service

Navigation

author	version	line-number	content
		1	{{toc depth="1"/}}
		2
		3	= Role Model =
		4
		5	== Portal Roles ==
		6
		7	\|=Portal Role\|=Description
		8	\|(((
		9	Admin
		10	)))\|Admins have full-access. They can //create//, //edit //and //delete //all kinds of entities, like users, projects, organizations, technical users and roles. Therefore, they can also add additional admins who have the same privileges. The last Admin cannot remove himself.
		11	\|(((
		12	Creator
		13	)))\|Creators can //create //all kinds of entities like users, projects, organizations and technical users. When a Creator creates a new project he is automatically assigned an admin role in the project, which allows him to add more members.
		14	\|(((
		15	User
		16	)))\|All other users are simply called users. They can be assigned any role in projects.
		17
		18	== Project Roles ==
		19
		20	Each user who is a member of a project has to be in //exactly one// Project Role. Therefore it is not possible to have no or multiple roles in a project.
		21
		22	Different roles have different sets of permissions. Possible roles are:
		23
		24	(% class="responsive-table" %)
		25	(% class="active" %)\|=(((
		26	Role
		27	)))\|=(((
		28	Description
		29	)))
		30	\|(((
		31	Admin
		32	)))\|(((
		33	Full access, even to potentially dangerous operations like deleting content in the Project. Can administer Project Members and Roles.
		34	)))
		35	\|(((
		36	Master
		37	)))\|Elevated write acccess, excluding potentially dangerous operations which can lead to massive data loss or other unrevertable changes.
		38	\|(((
		39	Developer
		40	)))\|(((
		41	General read-write access to contribute to the Project
		42	)))
		43	\|(((
		44	Viewer
		45	)))\|(((
		46	Read-only access to all not security-relevant data in the Project
		47	)))
		48
		49	Currently, the role assignment is applied for all tools within one project.
		50
		51	{{info}}
		52	Note:
		53	To ensure the integrity of the applications in the context of the managed service, no customer user is allowed to get system admin permissions for the tools. The maximum permissions for a customer user is the "Project Admin" role as described here
		54	{{/info}}
		55
		56	= User Permissions in DevOps Portal =
		57
		58	\|=(((
		59	Role Type
		60	)))\|=(% colspan="3" rowspan="1" %)(((
		61	Portal Role
		62	)))\|=(% rowspan="23" %) \|=(% colspan="4" %)(((
		63	Project Role
		64	)))
		65	\|(((
		66	Role Name
		67	)))\|(((
		68	User
		69	)))\|(((
		70	Admin
		71	)))\|(((
		72	Creator
		73	)))\|(((
		74	Viewer
		75	)))\|(((
		76	Developer
		77	)))\|(((
		78	Master
		79	)))\|(((
		80	Admin
		81	)))
		82	\|Login to DevOps Portal\|✅\|✅\|✅\|✅\|✅\|✅\|✅
		83	\|Logout from DevOps Portal\|✅\|✅\|✅\|✅\|✅\|✅\|✅
		84	\|Change my password\|✅\|✅\|✅\|✅\|✅\|✅\|✅
		85	\|Reset forgotten password\|✅\|✅\|✅\|✅\|✅\|✅\|✅
		86	\|Display list of users\|✅\|✅\|✅\|✅\|✅\|✅\|✅
		87	\|Search for user \|✅\|✅\|✅\|✅\|✅\|✅\|✅
		88	\|Add or remove "Corporate Admin" role to user \|❌\|✅\|❌\|❌\|❌\|❌\|❌
		89	\|Create User\|❌\|✅\|✅\|❌\|❌\|❌\|❌
		90	\|Delete User\|❌\|✅\|❌\|❌\|❌\|❌\|❌
		91	\|Lock User\|❌\|✅\|❌\|❌\|❌\|❌\|❌
		92	\|Unlock User\|❌\|✅\|❌\|❌\|❌\|❌\|❌
		93	\|Send invitation mail for first login\|❌\|✅\|❌\|❌\|❌\|❌\|❌
		94	\|Display list of projects \|❌\|✅\|❌\|⚠ Only his projects\|⚠ Only his projects\|⚠ Only his projects\|⚠ Only his projects
		95	\|Search for project \|❌\|✅\|❌\|⚠ Only his projects\|⚠ Only his projects\|⚠ Only his projects\|⚠ Only his projects
		96	\|Create project \|❌\|✅\|✅\|❌\|❌\|❌\|❌
		97	\|Delete project\|❌\|✅\|❌\|❌\|❌\|❌\|❌
		98	\|Retire project \|❌\|✅\|❌\|❌\|❌\|❌\|⚠ Only his projects
		99	\|Reactivate project\|❌\|✅\|❌\|❌\|❌\|❌\|⚠ Only his projects
		100	\|Add User to Project\|❌\|✅\|❌\|❌\|❌\|❌\|⚠ Only his projects
		101	\|Remove User from Project\|❌\|✅\|❌\|❌\|❌\|❌\|⚠ Only his projects
		102	\|Display used storage by project/tool or total\|❌\|✅\|❌\|⚠ Only his projects\|⚠ Only his projects\|⚠ Only his projects\|⚠ Only his projects
		103
		104	= JIRA Project Roles / Permission Scheme =
		105
		106	In JIRA the Project Roles are first added to Security / Project Roles and then they get their Permissions assigned in the SDCloud Permission Scheme which has to associated later with the Jira Projects.
		107
		108	\|=(((
		109	Permission / Role
		110	)))\|=(((
		111	Admin
		112	)))\|=(((
		113	Master
		114	)))\|=(((
		115	Developer
		116	)))\|=(((
		117	Viewer
		118	)))
		119	\|=(% colspan="1" %)(((
		120	Project Permissions
		121	)))\|(% colspan="1" %)(((
		122
		123	)))\|(% colspan="1" %)(((
		124
		125	)))\|(% colspan="1" %)(((
		126
		127	)))\|(% colspan="1" %)(((
		128
		129	)))
		130	\|Administer projects
		131	Enabled Extended project administration\|✅\|❌\|❌\|❌
		132	\|Browse projects\|✅\|✅\|✅\|✅
		133	\|Manage sprints\|✅\|✅\|❌\|❌
		134	\|Service Desk Agent\|✅\|✅\|✅\|❌
		135	\|View development tool\|✅\|✅\|✅\|✅
		136	\|View (read-only) workflow\|✅\|✅\|✅\|✅
		137	\|=Issue Permissions\| \| \| \|
		138	\|Assign issues\|✅\|✅\|✅\|❌
		139	\|Assignable user\|✅\|✅\|✅\|❌
		140	\|Close issues\|✅\|✅\|❌\|❌
		141	\|Create issues\|✅\|✅\|✅\|❌
		142	\|Delete issues\|✅\|❌\|❌\|❌
		143	\|Edit issues\|✅\|✅\|✅\|❌
		144	\|Link issues\|✅\|✅\|✅\|❌
		145	\|Modify reporter\|✅\|✅\|❌\|❌
		146	\|Move issues\|✅\|✅\|❌\|❌
		147	\|Resolve issues\|✅\|✅\|✅\|❌
		148	\|Schedule issues\|✅\|✅\|❌\|❌
		149	\|Set issues security\|✅\|❌\|❌\|❌
		150	\|Transition issues\|✅\|✅\|✅\|❌
		151	\|=(% colspan="1" %)Voters & watchers permissions\|(% colspan="1" %) \|(% colspan="1" %) \|(% colspan="1" %) \|(% colspan="1" %)
		152	\|Manage watcher list\|✅\|✅\|❌\|❌
		153	\|View voters and watchers\|✅\|✅\|✅\|❌
		154	\|=(% colspan="1" %)Comments permissions\|(% colspan="1" %) \|(% colspan="1" %) \|(% colspan="1" %) \|(% colspan="1" %)
		155	\|Add comments\|✅\|✅\|✅\|❌
		156	\|Delete all comments\|✅\|❌\|❌\|❌
		157	\|Delete own comments\|✅\|✅\|✅\|❌
		158	\|Edit all comments\|✅\|❌\|❌\|❌
		159	\|Edit own comments\|✅\|✅\|✅\|❌
		160	\|=(% colspan="1" %)Attachments permissions\|(% colspan="1" %) \|(% colspan="1" %) \|(% colspan="1" %) \|(% colspan="1" %)
		161	\|Create attachments\|✅\|✅\|✅\|❌
		162	\|Delete all attachments\|✅\|❌\|❌\|❌
		163	\|Delete own attachments\|✅\|✅\|✅\|❌
		164	\|=(% colspan="1" %)Time-tracking Permissions\|(% colspan="1" %) \|(% colspan="1" %) \|(% colspan="1" %) \|(% colspan="1" %)
		165	\|Work on issues\|✅\|✅\|✅\|❌
		166	\|Delete all worklogs\|✅\|❌\|❌\|❌
		167	\|Delete own worklogs\|✅\|✅\|✅\|❌
		168	\|Edit all worklogs\|✅\|❌\|❌\|❌
		169	\|Edit own worklogs\|✅\|✅\|✅\|❌
		170
		171	* Service Desk Agent is only available if the software was added to JIRA
		172
		173	= Confluence Project Roles =
		174
		175	See vendor documentation for the exact meaning: [[https:~~/~~/confluence.atlassian.com/doc/space-permissions-overview-139521.html>>url:https://confluence.atlassian.com/doc/space-permissions-overview-139521.html]].
		176
		177	\|=(((
		178	Space
		179	)))\|=(% colspan="2" %)(((
		180	All
		181	)))\|=(% colspan="2" %)(((
		182	Pages
		183	)))\|=(% colspan="2" %)(((
		184	Blog
		185	)))\|=(% colspan="2" %)(((
		186	Attachments
		187	)))\|=(% colspan="2" %)(((
		188	Comments
		189	)))\|=(((
		190	Restrictions
		191	)))\|=(((
		192	Mail
		193	)))\|=(% colspan="2" %)(((
		194	Space
		195	)))
		196	\|=(% colspan="1" %)Role/Operation\|(% colspan="1" %)View\|(% colspan="1" %)Delete Own\|(% colspan="1" %)Add\|(% colspan="1" %)Delete\|(% colspan="1" %)Add\|(% colspan="1" %)Delete\|(% colspan="1" %)Add\|(% colspan="1" %)Delete\|(% colspan="1" %)Add\|(% colspan="1" %)Delete\|(% colspan="1" %)Add/Delete\|(% colspan="1" %)Delete\|(% colspan="1" %)Export\|(% colspan="1" %)Admin
		197	\|=Admin\|✅\|✅\|✅\|✅\|✅\|✅\|✅\|✅\|✅\|✅\|✅\|✅\|✅\|✅
		198	\|=Master\|✅\|✅\|✅\|❌\|✅\|❌\|✅\|❌\|✅\|✅\|✅\|❌\|✅\|❌
		199	\|=Developer\|✅\|✅\|✅\|❌\|❌\|❌\|✅\|❌\|✅\|❌\|❌\|❌\|❌\|❌
		200	\|=Viewer\|✅\|❌\|❌\|❌\|❌\|❌\|❌\|❌\|❌\|❌\|❌\|❌\|❌\|❌
		201
		202	= Bitbucket Project Roles =
		203
		204	\|=(((
		205
		206	)))\|=(((
		207	Browse
		208	)))\|=(((
		209	Clone / Pull
		210	)))\|=(% colspan="1" %)(((
		211	Create, browse, comment on pull request
		212	)))\|=(% colspan="1" %)(((
		213	Merge pull request
		214	)))\|=(% colspan="1" %)(((
		215	Push
		216	)))\|=(% colspan="1" %)(((
		217	Create repositories
		218	)))\|=(% colspan="1" %)(((
		219	Edit settings / permissions
		220	)))
		221	\|Admin\|✅\|✅\|✅\|✅\|✅\|✅\|✅
		222	\|Master\|✅\|✅\|✅\|✅\|✅\|✅\|❌
		223	\|Developer\|✅\|✅\|✅\|✅\|✅\|❌\|❌
		224	\|Viewer\|✅\|✅\|✅\|❌\|❌\|❌\|❌
		225
		226	//Repository permissions are inherited from project permissions.//
		227
		228	= Jenkins Project Roles =
		229
		230	\|=(% colspan="1" %)(((
		231	Permission
		232	)))\|=(((
		233	Role
		234	)))\|=(((
		235	Admin
		236	)))\|=(((
		237	Master
		238	)))\|=(((
		239	Developer
		240	)))\|=(((
		241	Viewer
		242	)))\|=(% colspan="1" %)(((
		243	Authenticated Users
		244	)))\|=(% colspan="1" %)(((
		245	Anonymous Users
		246	)))\|=(% colspan="1" %)(((
		247	Prometheus Tech User
		248	)))
		249	\|=(% rowspan="5" %)Credentials\|Create\|✅\|✅\|❌\|❌\|❌\|❌\|❌
		250	\|Delete\|✅\|❌\|❌\|❌\|❌\|❌\|❌
		251	\|Manage Domains\|✅\|❌\|❌\|❌\|❌\|❌\|❌
		252	\|Update\|✅\|✅\|❌\|❌\|❌\|❌\|❌
		253	\|View\|✅\|✅\|✅\|❌\|❌\|❌\|❌
		254	\|=(% rowspan="10" %)Job\|Build\|✅\|✅\|✅\|❌\|❌\|❌\|❌
		255	\|Cancel\|✅\|✅\|❌\|❌\|❌\|❌\|❌
		256	\|Configure\|✅\|✅\|❌\|❌\|❌\|❌\|❌
		257	\|Create\|✅\|✅\|❌\|❌\|❌\|❌\|❌
		258	\|Delete\|✅\|❌\|❌\|❌\|❌\|❌\|❌
		259	\|Discover\|✅\|✅\|✅\|✅\|❌\|❌\|❌
		260	\|ExtendedRead\| \| \| \| \| \| \|
		261	\|Move\|✅\|❌\|❌\|❌\|❌\|❌\|❌
		262	\|Read\|✅\|✅\|✅\|✅\|❌\|❌\|❌
		263	\|Workspace\|✅\|✅\|✅\|❌\|❌\|❌\|❌
		264	\|=(% rowspan="3" %)Run\|Delete\|✅\|❌\|❌\|❌\|❌\|❌\|❌
		265	\|Replay\|✅\|✅\|✅\|❌\|❌\|❌\|❌
		266	\|Update\|✅\|✅\|✅\|❌\|❌\|❌\|❌
		267	\|=Job Config History\|DeleteEntry\| \| \| \| \| \| \|
		268	\|=SCM\|Tag\|✅\|✅\|❌\|❌\|❌\|❌\|❌
		269	\|=Metrics\|HealthCheck\| \| \| \| \| \| \|
		270	\| \|ThreadDump\| \| \| \| \| \| \|
		271	\| \|View\| \| \| \| \| \| \|
		272
		273	= GitLab =
		274
		275	Users are assigned to Groups in GitLab with the following roles assignment. Permissions within subordinated Subgroups and GitLab Projects are inherited.
		276
		277	\|=(((
		278	Project Role
		279	)))\|=(((
		280	GitLab Group Members Permission
		281	)))
		282	\|(((
		283	Viewer
		284	)))\|(((
		285	Reporter
		286	)))
		287	\|(((
		288	Developer
		289	)))\|(((
		290	Developer
		291	)))
		292	\|(% colspan="1" %)(((
		293	Master
		294	)))\|(% colspan="1" %)(((
		295	Maintainer
		296	)))
		297	\|(% colspan="1" %)(((
		298	Admin
		299	)))\|(% colspan="1" %)(((
		300	Owner
		301	)))
		302
		303	Regarding permissions for Group Permissions in GitLab, see [[https:~~/~~/docs.gitlab.com/ee/user/permissions.html#group-members-permissions>>url:https://docs.gitlab.com/ee/user/permissions.html#group-members-permissions]].
		304
		305	= Harbor Project Roles =
		306
		307	Harbor manages images through projects. You provide access to these images to users by including the users in projects and assigning one of the following roles to them:
		308
		309	\|=(((
		310	Harbor
		311	)))\|=(((
		312	Portal
		313	)))\|=
		314	\|=Role Name\|=Role Id\|=Project Role
		315	\|Project Admin\|1\|ADMIN
		316	\|Maintainer\|4\|MASTER
		317	\|Developer\|2\|DEVELOPER
		318	\|Guest\|3\|VIEWER
		319
		320	=== Harbor Roles Permissions ===
		321
		322	\|=(((
		323	Action
		324	)))\|=(((
		325	Limited Guest
		326	)))\|=(((
		327	Guest
		328	)))\|=(((
		329	Developer
		330	)))\|=(((
		331	Maintainer
		332	)))\|=(((
		333	Project Admin
		334	)))
		335	\|See the project configurations\|✅\|✅\|✅\|✅\|✅
		336	\|Edit the project configurations\|❌\|❌\|❌\|❌\|✅
		337	\|See a list of project members\| \|✅\|✅\|✅\|✅
		338	\|Create/edit/delete project members\|❌\|❌\|❌\|❌\|✅
		339	\|See a list of project logs\|✅\|✅\|✅\|✅\|❌
		340	\|See a list of project replications\|❌\|❌\|❌\|✅\|✅
		341	\|See a list of project replication jobs\|❌\|❌\|❌\|❌\|✅
		342	\|See a list of project labels\|❌\|❌\|❌\|✅\|✅
		343	\|Create/edit/delete project labels\|❌\|❌\|❌\|✅\|✅
		344	\|See a list of repositories\|✅\|✅\|✅\|✅\|✅
		345	\|Create repositories\|❌\|❌\|✅\|✅\|✅
		346	\|Edit/delete repositories\|❌\|❌\|❌\|✅\|✅
		347	\|See a list of images\|✅\|✅\|✅\|✅\|✅
		348	\|Retag image\|❌\|✅\|✅\|✅\|✅
		349	\|Pull image\|✅\|✅\|✅\|✅\|✅
		350	\|Push image\|❌\|❌\|✅\|✅\|✅
		351	\|Scan/delete image\|❌\|❌\|❌\|✅\|✅
		352	\|Add scanners to Harbor *\|❌\|❌\|❌\|❌\|❌
		353	\|Edit scanners in projects\|❌\|❌\|❌\|❌\|✅
		354	\|See a list of image vulnerabilities\|✅\|✅\|✅\|✅\|✅
		355	\|Create list of project vulnerabilities\|❌\|❌\|✅\|✅\|✅
		356	\|Read list of project vulnerabilities\|❌\|❌\|✅\|✅\|✅
		357	\|Export list of project vulnerabilities\|❌\|❌\|✅\|✅\|✅
		358	\|See image build history\|✅\|✅\|✅\|✅\|✅
		359	\|Add/Remove labels of image\|❌\|❌\|✅\|✅\|✅
		360	\|See a list of helm charts\|✅\|✅\|✅\|✅\|✅
		361	\|Download helm charts\|✅\|✅\|✅\|✅\|✅
		362	\|Upload helm charts\|❌\|❌\|✅\|✅\|✅
		363	\|Delete helm charts\|❌\|❌\|❌\|✅\|✅
		364	\|See a list of helm chart versions\|✅\|✅\|✅\|✅\|✅
		365	\|Download helm chart versions\|✅\|✅\|✅\|✅\|✅
		366	\|Upload helm chart versions\|❌\|❌\|✅\|✅\|✅
		367	\|Delete helm chart versions\|❌\|❌\|❌\|✅\|✅
		368	\|Add/Remove labels of helm chart version\|❌\|❌\|✅\|✅\|✅
		369	\|See a list of project robots\|❌\|❌\|❌\|✅\|✅
		370	\|Create/edit/delete project robots\|❌\|❌\|❌\|❌\|✅
		371	\|See configured CVE allowlist\|✅\|✅\|✅\|✅\|✅
		372	\|Create/edit/remove CVE allowlist\|❌\|❌\|❌\|❌\|✅
		373	\|View webhook events\|❌\|❌\|❌\|✅\|✅
		374	\|Add new webhook events\|❌\|❌\|❌\|❌\|✅
		375	\|Enable/deactivate webhooks\|❌\|❌\|❌\|❌\|✅
		376	\|Create/delete tag retention rules\|❌\|❌\|✅\|✅\|✅
		377	\|Enable/deactivate tag retention rules\|❌\|❌\|✅\|✅\|✅
		378	\|Create/delete tag immutability rules\|❌\|❌\|❌\|✅\|✅
		379	\|Enable/deactivate tag immutability rules\|❌\|❌\|❌\|✅\|✅
		380	\|See project quotas\|✅\|✅\|✅\|✅\|✅
		381	\|Edit project quotas *\|❌\|❌\|❌\|❌\|❌
		382	\|Delete Project\|❌\|❌\|❌\|❌\|✅
		383
		384	~* Only the Harbor system administrator can edit project quotas and add new scanners.
		385
		386	= Gitea =
		387
		388	Please note, that some terms used in DevOps-as-a-Service have different names in Gitea. Please check the following table to avoid any confusion.
		389
		390	\|=(((
		391	DevOps Portal
		392	)))\|=(((
		393	Gitea
		394	)))
		395	\|(((
		396	Project
		397	)))\|(((
		398	Organization
		399	)))
		400	\|(((
		401	Project Role
		402	)))\|(((
		403	Team
		404	)))
		405	\|(((
		406	Git Repository
		407	)))\|(((
		408	Repository
		409	)))
		410	\|(((
		411	Artifact Repository
		412	)))\|(((
		413	Package
		414	)))
		415	\|(((
		416	Issue Tracking
		417	)))\|(((
		418	Project (currently disabled)
		419	)))
		420
		421	The Owner team has full admin permission in the Organization. This is a technical user used by the DevOps Portal for auto-provisioning.
		422
		423	\|=(((
		424	Gitea Role
		425	)))\|=(((
		426	Portal Project Role
		427	)))\|=Permissions
		428	\|(((
		429	Viewer
		430	)))\|Viewer\|Read
		431	\|(((
		432	Developer
		433	)))\|(((
		434	Developer
		435	)))\|Read, Write
		436	\|(% colspan="1" %)(((
		437	Master
		438	)))\|(% colspan="1" %)Master\|Read, Write
		439	\|(% colspan="1" %)Admin\|(% colspan="1" %)Admin\|Read, Write, Repository create
		440
		441	= Nexus Project Roles =
		442
		443	For each role in a project a role in Nexus is created which includes one Privilege for each repository in the project.
		444
		445	\|=(((
		446	Role
		447	)))\|=(((
		448	Admin
		449	)))\|=(((
		450	Master
		451	)))\|=(((
		452	Developer
		453	)))\|=(((
		454	Viewer
		455	)))
		456	\|(((
		457	ID
		458	)))\|(((
		459	PROJECTKEY-admin
		460	)))\|(((
		461	PROJECTKEY-master
		462	)))\|(((
		463	PROJECTKEY-developer
		464	)))\|(((
		465	PROJECTKEY-viewer
		466	)))
		467	\|(((
		468	Name
		469	)))\|(((
		470	PROJECTKEY-admin
		471	)))\|(((
		472	PROJECTKEY-master
		473	)))\|(((
		474	PROJECTKEY-developer
		475	)))\|(((
		476	PROJECTKEY-viewer
		477	)))
		478	\|(((
		479	Privilege
		480	)))\|(((
		481	PROJECTKEY-docker-admin
		482
		483	PROJECTKEY-maven-admin
		484
		485	PROJECTKEY-//repotype//-admin
		486	)))\|(((
		487	PROJECTKEY-docker-master
		488
		489	PROJECTKEY-maven-master
		490
		491	PROJECTKEY-//repotype//-master
		492	)))\|(((
		493	PROJECTKEY-docker-developer
		494
		495	PROJECTKEY-maven-developer
		496
		497	PROJECTKEY-//repotype//-developer
		498	)))\|(((
		499	PROJECTKEY-docker-viewer
		500
		501	PROJECTKEY-maven-viewer
		502
		503	PROJECTKEY-//repotype//-viewer
		504	)))
		505
		506	For each role in a project a Privilege of type Repository Content Selector is created which combines Content Selector (Project), Repository (Docker Registry) and Actions depending on the role.
		507
		508	\|=(((
		509	Privilege / Role
		510	)))\|=(((
		511	Admin
		512	)))\|=(((
		513	Master
		514	)))\|=(((
		515	Developer
		516	)))\|=(((
		517	Viewer
		518	)))
		519	\|(((
		520	Name
		521	)))\|(((
		522	PROJECTKEY-docker-admin
		523	)))\|(((
		524	PROJECTKEY-docker-master
		525	)))\|(((
		526	PROJECTKEY-docker-developer
		527	)))\|(((
		528	PROJECTKEY-docker-viewer
		529	)))
		530	\|(((
		531	Content Selector
		532	)))\|(((
		533	PROJECTKEY-docker
		534	)))\|(((
		535	PROJECTKEY-docker
		536	)))\|(((
		537	PROJECTKEY-docker
		538	)))\|(((
		539	PROJECTKEY-docker
		540	)))
		541	\|(((
		542	Repository
		543	)))\|(((
		544	docker-registry
		545	)))\|(((
		546	docker-registry
		547	)))\|(((
		548	docker-registry
		549	)))\|(((
		550	docker-registry
		551	)))
		552	\|(((
		553	Actions
		554	)))\|(((
		555	delete, add, edit, browse, read
		556	)))\|(((
		557	add, edit, browse, read
		558	)))\|(((
		559	add, edit, browse, read
		560	)))\|(((
		561	browse, read
		562	)))
		563
		564	See [[https:~~/~~/help.sonatype.com/repomanager3/security/privileges>>url:https://help.sonatype.com/repomanager3/nexus-repository-administration/access-control/privileges]] for available Actions.