Roles
Learn how to create, edit and archive a role.
A role is a set of permissions that can be granted to groups. These permissions can change depending on which environment the user is in: test or production.
The Roles page
The Roles page shows you a table with active roles in your realm.
This table shows the role name and description, as well as buttons to view, edit, and archive them.
Actions
How to create a role
To create a role:
Click on the Create button, in the upper right corner.
Fill in the name and description of the role.
Click on the dots under the columns Create, Read, Update, Delete, and Specific to activate or deactivate a permission for the service described in each row. Activated permissions are represented by green checkboxes.
Click on Save.
How to view or edit a role
To view a role:
Search the table for the role you want to edit, or use the search bar.
Click on the pencil or eye icon in the Actions column.
To edit a role:
Make the desired changes to the role.
Click on Save.
System roles cannot be edited, and can be viewed under the eye icon.
How to duplicate a role
To duplicate a role:
Search the table for the role you want to duplicate or use the search bar.
Click on the pencil or eye icon in the Actions column.
Click on Duplicate role.
Make the desired changes to the new role.
Click on Save.
How to archive a role
When you archive a role, the permissions granted by that role become inactive.
To archive a role:
Search the table for the role you want to archive or use the search bar.
Click on the box icon in the Actions column.
Write a note describing the reason for archiving that role.
Click on Confirm.
System roles cannot be archived, just the ones created by users.
System roles
Besides creating your own roles, you can also use Digibee’s predefined system roles. You can’t edit or delete system roles, but you can duplicate them and edit their replicas.
Below, you can see all current existing system roles and their respective permissions:
Role name | Permissions |
---|---|
account-manager | ACCOUNT:CREATE ACCOUNT:DELETE ACCOUNT:READ ACCOUNT:UPDATE AUDIT:READ GLOBAL:CREATE GLOBAL:DELETE GLOBAL:READ GLOBAL:UPDATE RELATION:CREATE RELATION:DELETE RELATION:READ RELATION:UPDATE USER:READ OAUTH:CREATE OAUTH:DELETE OAUTH:UPDATE POLICY:UPDATE POLICY:READ |
account-viewer | ACCOUNT:READ AUDIT:READ GLOBAL:READ RELATION:READ USER:READ |
alert-manager | ALERT:READ ALERT:CREATE ALERT:UPDATE ALERT:DELETE |
alert-viewer | ALERT:READ |
api-key-manager | APIKEY:CREATE APIKEY:CREATE:ACL APIKEY:CREATE:APIKEY APIKEY:DELETE APIKEY:DELETE:APIKEY APIKEY:READ APIKEY:UPDATE AUDIT:READ USER:READ |
api-key-viewer | APIKEY:READ AUDIT:READ USER:READ |
audit-viewer | AUDIT:READ |
capsule-builder | ACCOUNT:READ CAPSULE:CREATE CAPSULE:CREATE:GROUP CAPSULE:CREATE:HEADER CAPSULE:DELETE CAPSULE:DELETE:HEADER CAPSULE:READ CAPSULE:UPDATE CAPSULE:UPDATE:HEADER GLOBAL:READ RELATION:READ TEST-MODE:EXECUTE:CAPSULE |
capsule-manager | CAPSULE:CREATE CAPSULE:CREATE:GROUP CAPSULE:CREATE:HEADER CAPSULE:DELETE CAPSULE:DELETE:HEADER CAPSULE:READ CAPSULE:UPDATE CAPSULE:UPDATE:HEADER REPLICA:READ TEST-MODE:EXECUTE:CAPSULE CAPSULE:DELETE:GROUP CAPSULE:UPDATE:GROUP CAPSULE:CREATE:COLLECTION |
capsule-publisher | CAPSULE:UPDATE:PUBLISH |
deployment-manager | CONFIGURATION:CREATE CONFIGURATION:READ CONFIGURATION:UPDATE DEPLOYMENT:CREATE DEPLOYMENT:CREATE:REDEPLOY DEPLOYMENT:DELETE DEPLOYMENT:EXECUTE DEPLOYMENT:READ USER:READ:LIST-JWT USER:CREATE:GENERATE-JWT USER:DELETE:REVOKE-JWT USER:READ:OPEN-AUTH-CONFIG POLICY:UPDATE POLICY:READ |
deployment-viewer | CONFIGURATION:READ DEPLOYMENT:READ |
global-manager | GLOBAL:CREATE GLOBAL:DELETE GLOBAL:READ GLOBAL:UPDATE |
global-viewer | GLOBAL:READ |
groups-manager | GROUP:CREATE GROUP:READ GROUP:READ:PERMISSION GROUP:UPDATE GROUP:DELETE USER:UPDATE:ASSIGN-GROUP USER:READ:PERMISSION USER:READ:INACTIVE-PERMISSION PERMISSION:READ SAML-GROUP-MAPPING:CREATE SAML-GROUP-MAPPING:READ SAML-GROUP-MAPPING:UPDATE SAML-GROUP-MAPPING:DELETE |
idp-access-manager | SSO-CONFIGURATION:READ SSO-CONFIGURATION:CREATE SSO-CONFIGURATION:UPDATE SSO-CONFIGURATION:DELETE IDP-ACCESSES:CREATE IDP-ACCESSES:READ IDP-ACCESSES:UPDATE |
licensing-viewer | LICENSE:READ |
logs-export | EXPORT:READ |
logs-viewer | LOG:READ MESSAGE:READ STATS:READ |
metrics-viewer | METRICS:READ |
multi-instance-manager | REPLICA:READ REPLICA:CREATE REPLICA:UPDATE REPLICA:DELETE |
multi-instance-viewer | REPLICA:READ |
pipeline-builder | ACCOUNT:READ CONFIGURATION:CREATE CONFIGURATION:READ CONFIGURATION:UPDATE APIKEY:READ GLOBAL:READ PIPELINE:CREATE PIPELINE:READ PIPELINE:READ:HISTORY PIPELINE:UPDATE PROJECT:READ RELATION:READ REPLICA:READ TEST-MODE:EXECUTE POLICY:READ |
pipeline-documentation-manager | PIPELINE-DOCUMENTATION:CREATE |
pipeline-documentation-viewer | PIPELINE-DOCUMENTATION:READ |
pipeline-executor | DEPLOYMENT:EXECUTE |
pipeline-manager | ACCOUNT:READ CONFIGURATION:CREATE CONFIGURATION:READ CONFIGURATION:UPDATE APIKEY:READ GLOBAL:READ PIPELINE:CREATE PIPELINE:DELETE PIPELINE:READ PIPELINE:READ:HISTORY PIPELINE:UPDATE PROJECT:READ \ PROJECT:CREATE PROJECT:UPDATE PROJECT:DELETE PROJECT:UPDATE:LINK-WITH-PIPELINE RELATION:READ REPLICA:READ TEST-MODE:EXECUTE POLICY:UPDATE POLICY:READ |
projects-manager | AUDIT:READ PROJECT:CREATE PROJECT:DELETE PROJECT:READ PROJECT:UPDATE PROJECT:READ:ALL PROJECT:UPDATE:LINK-WITH-PIPELINE PERMISSION:READ |
relationship-manager | RELATION:READ RELATION:CREATE RELATION:UPDATE RELATION:DELETE |
relationship-viewer | RELATION:READ |
roles-manager | ROLE:CREATE ROLE:READ ROLE:UPDATE ROLE:DELETE PERMISSION:READ |
running-executions-manager | INFLIGHT:CANCEL INFLIGHT:READ |
running-executions-viewer | INFLIGHT:READ |
users-manager | USER:CREATE USER:DELETE USER:READ USER:UPDATE PERMISSION:READ |
Last updated