Roles

Learn how to create, edit and archive a role.

A role is a set of permissions that can be granted to groups. These permissions can change depending on which environment the user is in: test or production.

The Roles page

The Roles page shows you a table with active roles in your realm.

This table shows the role name and description, as well as buttons to view, edit, and archive them.

Actions

How to create a role

To create a role:

  1. Click on the Create button, in the upper right corner.

  2. Fill in the name and description of the role.

  3. Click on the dots under the columns Create, Read, Update, Delete, and Specific to activate or deactivate a permission for the service described in each row. Activated permissions are represented by green checkboxes.

  4. Click on Save.

How to view or edit a role

To view a role:

  1. Search the table for the role you want to view or edit, or use the search bar.

  2. Click on the pencil or eye icon in the Actions column.

To edit a role:

  1. Make the desired changes to the role.

  2. Click on Save.

System roles cannot be edited; they can only be viewed, using the eye icon.

How to duplicate a role

To duplicate a role:

  1. Search the table for the role you want to duplicate or use the search bar.

  2. Click on the pencil or eye icon in the Actions column.

  3. Click on Duplicate role.

  4. Make the desired changes to the new role.

  5. Click on Save.

How to archive a role

When you archive a role, the permissions granted by that role become inactive.

To archive a role:

  1. Search the table for the role you want to archive or use the search bar.

  2. Click on the box icon in the Actions column.

  3. Write a note describing the reason for archiving that role.

  4. Click on Confirm.

Only roles created by users can be archived; system roles cannot.

System roles

Besides creating your own roles, you can also use Digibee’s predefined system roles. You can’t edit or delete system roles, but you can duplicate them and edit their replicas.

The table below lists all existing system roles and their respective permissions:

Role name | Permissions
account-manager | ACCOUNT:CREATE, ACCOUNT:DELETE, ACCOUNT:READ, ACCOUNT:UPDATE, AUDIT:READ, GLOBAL:CREATE, GLOBAL:DELETE, GLOBAL:READ, GLOBAL:UPDATE, RELATION:CREATE, RELATION:DELETE, RELATION:READ, RELATION:UPDATE, USER:READ, OAUTH:CREATE, OAUTH:DELETE, OAUTH:UPDATE, POLICY:UPDATE, POLICY:READ
account-viewer | ACCOUNT:READ, AUDIT:READ, GLOBAL:READ, RELATION:READ, USER:READ
alert-manager | ALERT:READ, ALERT:CREATE, ALERT:UPDATE, ALERT:DELETE
alert-viewer | ALERT:READ
api-key-manager | APIKEY:CREATE, APIKEY:CREATE:ACL, APIKEY:CREATE:APIKEY, APIKEY:DELETE, APIKEY:DELETE:APIKEY, APIKEY:READ, APIKEY:UPDATE, AUDIT:READ, USER:READ
api-key-viewer | APIKEY:READ, AUDIT:READ, USER:READ
audit-viewer | AUDIT:READ
capsule-builder | ACCOUNT:READ, CAPSULE:CREATE, CAPSULE:CREATE:GROUP, CAPSULE:CREATE:HEADER, CAPSULE:DELETE, CAPSULE:DELETE:HEADER, CAPSULE:READ, CAPSULE:UPDATE, CAPSULE:UPDATE:HEADER, GLOBAL:READ, RELATION:READ, TEST-MODE:EXECUTE:CAPSULE
capsule-manager | CAPSULE:CREATE, CAPSULE:CREATE:GROUP, CAPSULE:CREATE:HEADER, CAPSULE:DELETE, CAPSULE:DELETE:HEADER, CAPSULE:READ, CAPSULE:UPDATE, CAPSULE:UPDATE:HEADER, REPLICA:READ, TEST-MODE:EXECUTE:CAPSULE, CAPSULE:DELETE:GROUP, CAPSULE:UPDATE:GROUP, CAPSULE:CREATE:COLLECTION
capsule-publisher | CAPSULE:UPDATE:PUBLISH
deployment-manager | CONFIGURATION:CREATE, CONFIGURATION:READ, CONFIGURATION:UPDATE, DEPLOYMENT:CREATE, DEPLOYMENT:CREATE:REDEPLOY, DEPLOYMENT:DELETE, DEPLOYMENT:EXECUTE, DEPLOYMENT:READ, USER:READ:LIST-JWT, USER:CREATE:GENERATE-JWT, USER:DELETE:REVOKE-JWT, USER:READ:OPEN-AUTH-CONFIG, POLICY:UPDATE, POLICY:READ
deployment-viewer | CONFIGURATION:READ, DEPLOYMENT:READ
global-manager | GLOBAL:CREATE, GLOBAL:DELETE, GLOBAL:READ, GLOBAL:UPDATE
global-viewer | GLOBAL:READ
groups-manager | GROUP:CREATE, GROUP:READ, GROUP:READ:PERMISSION, GROUP:UPDATE, GROUP:DELETE, USER:UPDATE:ASSIGN-GROUP, USER:READ:PERMISSION, USER:READ:INACTIVE-PERMISSION, PERMISSION:READ, SAML-GROUP-MAPPING:CREATE, SAML-GROUP-MAPPING:READ, SAML-GROUP-MAPPING:UPDATE, SAML-GROUP-MAPPING:DELETE
idp-access-manager | SSO-CONFIGURATION:READ, SSO-CONFIGURATION:CREATE, SSO-CONFIGURATION:UPDATE, SSO-CONFIGURATION:DELETE, IDP-ACCESSES:CREATE, IDP-ACCESSES:READ, IDP-ACCESSES:UPDATE
licensing-viewer | LICENSE:READ
logs-export | EXPORT:READ
logs-viewer | LOG:READ, MESSAGE:READ, STATS:READ
metrics-viewer | METRICS:READ
multi-instance-manager | REPLICA:READ, REPLICA:CREATE, REPLICA:UPDATE, REPLICA:DELETE
multi-instance-viewer | REPLICA:READ
pipeline-builder | ACCOUNT:READ, CONFIGURATION:CREATE, CONFIGURATION:READ, CONFIGURATION:UPDATE, APIKEY:READ, GLOBAL:READ, PIPELINE:CREATE, PIPELINE:READ, PIPELINE:READ:HISTORY, PIPELINE:UPDATE, PROJECT:READ, RELATION:READ, REPLICA:READ, TEST-MODE:EXECUTE, POLICY:READ
pipeline-documentation-manager | PIPELINE-DOCUMENTATION:CREATE
pipeline-documentation-viewer | PIPELINE-DOCUMENTATION:READ
pipeline-executor | DEPLOYMENT:EXECUTE
pipeline-manager | ACCOUNT:READ, CONFIGURATION:CREATE, CONFIGURATION:READ, CONFIGURATION:UPDATE, APIKEY:READ, GLOBAL:READ, PIPELINE:CREATE, PIPELINE:DELETE, PIPELINE:READ, PIPELINE:READ:HISTORY, PIPELINE:UPDATE, PROJECT:READ, PROJECT:CREATE, PROJECT:UPDATE, PROJECT:DELETE, PROJECT:UPDATE:LINK-WITH-PIPELINE, RELATION:READ, REPLICA:READ, TEST-MODE:EXECUTE, POLICY:UPDATE, POLICY:READ
projects-manager | AUDIT:READ, PROJECT:CREATE, PROJECT:DELETE, PROJECT:READ, PROJECT:UPDATE, PROJECT:READ:ALL, PROJECT:UPDATE:LINK-WITH-PIPELINE, PERMISSION:READ
relationship-manager | RELATION:READ, RELATION:CREATE, RELATION:UPDATE, RELATION:DELETE
relationship-viewer | RELATION:READ
roles-manager | ROLE:CREATE, ROLE:READ, ROLE:UPDATE, ROLE:DELETE, PERMISSION:READ
running-executions-manager | INFLIGHT:CANCEL, INFLIGHT:READ
running-executions-viewer | INFLIGHT:READ
users-manager | USER:CREATE, USER:DELETE, USER:READ, USER:UPDATE, PERMISSION:READ
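
An added example, not part of Digibee's documentation or API: a least-privilege review of the system roles assigned to a group, using role contents copied from the table above. The SERVICE:ACTION[:SPECIFIC] reading of the permission strings, the list of sensitive services, the function names, and the sample group are assumptions made for this example.

```python
# Role contents copied from the system roles table on this page (subset).
SYSTEM_ROLES = {
    "audit-viewer": {"AUDIT:READ"},
    "deployment-viewer": {"CONFIGURATION:READ", "DEPLOYMENT:READ"},
    "deployment-manager": {
        "CONFIGURATION:CREATE", "CONFIGURATION:READ", "CONFIGURATION:UPDATE",
        "DEPLOYMENT:CREATE", "DEPLOYMENT:CREATE:REDEPLOY", "DEPLOYMENT:DELETE",
        "DEPLOYMENT:EXECUTE", "DEPLOYMENT:READ", "USER:READ:LIST-JWT",
        "USER:CREATE:GENERATE-JWT", "USER:DELETE:REVOKE-JWT",
        "USER:READ:OPEN-AUTH-CONFIG", "POLICY:UPDATE", "POLICY:READ",
    },
    "roles-manager": {"ROLE:CREATE", "ROLE:READ", "ROLE:UPDATE", "ROLE:DELETE",
                      "PERMISSION:READ"},
}
# Assumption for this example: services whose write access deserves review.
SENSITIVE_SERVICES = {"ROLE", "GROUP", "USER", "APIKEY", "OAUTH", "POLICY",
                      "SSO-CONFIGURATION", "IDP-ACCESSES", "SAML-GROUP-MAPPING"}

def parse(permission):
    """Split SERVICE:ACTION[:SPECIFIC] into (service, action, specific)."""
    parts = permission.split(":", 2)
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"malformed permission: {permission!r}")
    return parts[0], parts[1], parts[2] if len(parts) == 3 else None

def effective_permissions(roles):
    """Union of the permissions of every role assigned to a group."""
    return set().union(*(SYSTEM_ROLES[r] for r in roles))

def sensitive_writes(roles):
    """Non-READ permissions on sensitive services that the roles grant."""
    return sorted(p for p in effective_permissions(roles)
                  if parse(p)[0] in SENSITIVE_SERVICES and parse(p)[1] != "READ")

def redundant_roles(roles):
    """Roles whose permissions the group's other roles already grant."""
    return sorted(
        r for r in roles
        if SYSTEM_ROLES[r] <= effective_permissions([o for o in roles if o != r]))

if __name__ == "__main__":
    # Constructed sample: roles assigned to one hypothetical group.
    group = ["deployment-manager", "deployment-viewer", "audit-viewer"]
    print("review:", sensitive_writes(group))
    print("redundant:", redundant_roles(group))
```

For the sample group, the review surfaces the JWT and policy permissions that come with deployment-manager and shows that deployment-viewer adds nothing the group does not already have.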
