Links

Roles

Learn how to create, edit and archive a role
To perform each action described on this page, you must have its respective permission.
When you create, edit, or archive a role, these actions are recorded in the change history on the Audition page.
A role is a set of permissions that can be granted to groups.These permissions can change depending on which environment the user is in: test or production.

The Roles page

The Roles page shows you a table with active roles in your realm.
This table shows the role name and description, as well as buttons to view, edit and archive them.

Actions

How to create a role

To create a role:
  1. 1.
    Click on the CREATE button, in the upper right corner;
  2. 2.
    Fill in the name and description of the role;
  3. 3.
    Click on the dots under the columns CREATE, READ, UPDATE, DELETE and SPECIFIC to activate or deactivate a permission for the service described in each row. Activated permissions are represented by green dots;
  4. 4.
    Click on SAVE.

How to edit a role

To view a role:
  1. 1.
    Search the table for the role you want to edit, or use the search bar;
  2. 2.
    Click on the pencil or eye icon in the Actions column;
To edit the role:
  1. 3.
    Make the desired changes to the role;
  2. 4.
    Click on SAVE.
System roles cannot be edited.

How to duplicate a role

To duplicate a role:
  1. 1.
    Search the table for the role you want to duplicate or use the search bar;
  2. 2.
    Click on the pencil or eye icon in the Actions column;
  3. 3.
    Click on DUPLICATE ROLE;
  4. 4.
    Make the desired changes to the new role;
  5. 5.
    Click on SAVE.

How to archive a role

When you archive a role, the permissions granted by that role become inactive. To archive a role:
  1. 1.
    Search the table for the role you want to archive or use the search bar;
  2. 2.
    Click on the box icon in the Actions column;
  3. 3.
    Write a note describing the reason for archiving that role;
  4. 4.
    Click on CONFIRM.
System roles cannot be archived.

System roles

Besides creating your own roles, you can also use Digibee’s system roles. System roles are predefined roles created by Digibee. You can’t edit or delete system roles, but you can duplicate them and edit their replicas.
Below, you can see all system roles and their respective permissions:
Role Name
Permission
ACLs
Account Manager
Account - read, create, update, delete
Audit - read
Global - read, create, update, delete
Relation - create, read, update, delete
User - read
Oauth - create, update, delete
ACCOUNT:CREATE
ACCOUNT:DELETE
ACCOUNT:READ
ACCOUNT:UPDATE
AUDIT:READ
GLOBAL:CREATE
GLOBAL:DELETE
GLOBAL:READ
GLOBAL:UPDATE
RELATION:CREATE
RELATION:DELETE
RELATION:READ
RELATION:UPDATE
USER:READ
OAUTH:CREATE
OAUTH:DELETE
OAUTH:UPDATE
Account Viewer
Account - read
Audit - read
Global - read
Relation - read
User - read
ACCOUNT:READ
AUDIT:READ
GLOBAL:READ
RELATION:READ
USER:READ
Api Key Manager
API Key - read, create, update, delete, create api key, delete api key
Audit - read
User - read
APIKEY:CREATE
APIKEY:CREATE:ACL
APIKEY:CREATE:APIKEY
APIKEY:DELETE
APIKEY:DELETE:APIKEY
APIKEY:READ
APIKEY:UPDATE
AUDIT:READ
USER:READ
Api Key Viewer
Consumer - read
Audit - read
User - read
APIKEY:READ
AUDIT:READ
USER:READ
Audit Viewer
Audit - read
AUDIT:READ
Capsule Builder
Account - read
Capsule - read create, update, delete,, create group, create header, update header, delete header
Global - read
Relation - read
Test mode - execute
ACCOUNT:READ
CAPSULE:CREATE
CAPSULE:CREATE:GROUP
CAPSULE:CREATE:HEADER
CAPSULE:DELETE
CAPSULE:DELETE:HEADER
CAPSULE:READ
CAPSULE:UPDATE
CAPSULE:UPDATE:HEADER
GLOBAL:READ
RELATION:READ
TEST-MODE:EXECUTE:CAPSULE
Capsule Manager
Capsule - read create, update, delete, create group, update group, delete group, create header, update header, delete header
Replica - read
Test mode - execute capsule
CAPSULE:CREATE
CAPSULE:CREATE:GROUP
CAPSULE:CREATE:HEADER
CAPSULE:DELETE
CAPSULE:DELETE:HEADER
CAPSULE:READ
CAPSULE:UPDATE
CAPSULE:UPDATE:HEADER
REPLICA:READ
TEST-MODE:EXECUTE:CAPSULE
CAPSULE:DELETE:GROUP
CAPSULE:UPDATE:GROUP
CAPSULE:CREATE:COLLECTION
Capsule Publisher
Capsule - update publish
CAPSULE:UPDATE:PUBLISH
Deployment Manager
Configuration - read, create, update
Deployment - read, create, update, delete, redeploy
User - read list JWT, create generate JWT, delete revoke JWT, read open auth config
CONFIGURATION:CREATE
CONFIGURATION:READ
CONFIGURATION:UPDATE
DEPLOYMENT:CREATE
DEPLOYMENT:CREATE:REDEPLOY
DEPLOYMENT:DELETE
DEPLOYMENT:EXECUTE
DEPLOYMENT:READ
USER:READ:LIST-JWT
USER:CREATE:GENERATE-JWT
USER:DELETE:REVOKE-JWT
USER:READ:OPEN-AUTH-CONFIG
Deployment Viewer
Configuration - read
Deployment - read
CONFIGURATION:READ
DEPLOYMENT:READ
Global Manager
Global - read, create, update, delete
GLOBAL:CREATE
GLOBAL:DELETE
GLOBAL:READ
GLOBAL:UPDATE
Global Viewer
Global - read
GLOBAL:READ
Groups Manager
Group - read, create, update, delete, read permission User - read permission, read inactive permission, update assign group Permission - read SAML-group-mapping - create, read, update, delete
GROUP:CREATE
GROUP:READ
GROUP:READ:PERMISSION
GROUP:UPDATE
GROUP:DELETE
USER:UPDATE:ASSIGN-GROUP
USER:READ:PERMISSION
USER:READ:INACTIVE-PERMISSION
PERMISSION:READ
SAML-GROUP-MAPPING:CREATE
SAML-GROUP-MAPPING:READ
SAML-GROUP-MAPPING:UPDATE
SAML-GROUP-MAPPING:DELETE
Licensing Viewer
License - read
LICENSE:READ
Logs Viewer
Log - read
Message - read
Stats - read
LOG:READ
MESSAGE:READ
STATS:READ
Multi instance Manager
Multi-instance - read, create, update, delete
REPLICA:READ
REPLICA:CREATE
REPLICA:UPDATE
REPLICA:DELETE
Multi instance Viewer
Multi-instance - read
REPLICA:READ
Pipeline Builder
Account - read
Configuration - read, create, update
Consumer - read
Global - reads
Pipeline - read, create, update, read history
Project - read
Relation - read
Replica - read
Test mode - execute
ACCOUNT:READ
CONFIGURATION:CREATE
CONFIGURATION:READ
CONFIGURATION:UPDATE
APIKEY:READ
GLOBAL:READ
PIPELINE:CREATE
PIPELINE:READ
PIPELINE:READ:HISTORY
PIPELINE:UPDATE
PROJECT:READ
RELATION:READ
REPLICA:READ
TEST-MODE:EXECUTE
Pipeline Executor
Deployment - execute
DEPLOYMENT:EXECUTE
Pipeline Manager
Account - read
Configuration - read, create, update
Consumer - read
Global - read
Pipeline - read, create, update, delete, read history
Project - read, update link with pipeline
Relation - read
Replica - read
Text mode - execute
ACCOUNT:READ
CONFIGURATION:CREATE
CONFIGURATION:READ
CONFIGURATION:UPDATE
APIKEY:READ
GLOBAL:READ
PIPELINE:CREATE
PIPELINE:DELETE
PIPELINE:READ
PIPELINE:READ:HISTORY
PIPELINE:UPDATE
PROJECT:READ
PROJECT:UPDATE:LINK-WITH-PIPELINE
RELATION:READ
REPLICA:READ
TEST-MODE:EXECUTE
Projects Manager
Audit - read
Project - read, create, update, delete, update link with pipeline
Permission - read
AUDIT:READ
PROJECT:CREATE
PROJECT:DELETE
PROJECT:READ
PROJECT:UPDATE
PROJECT:UPDATE:LINK-WITH-PIPELINE
PERMISSION:READ
Relationship Manager
Relationship - read, create, update, delete
RELATION:READ
RELATION:CREATE
RELATION:UPDATE
RELATION:DELETE
Relationship Viewer
Relationship - read
RELATION:READ
Roles Manager
Role - read, create, update, delete
Permission - read
ROLE:CREATE
ROLE:READ
ROLE:UPDATE
ROLE:DELETE
PERMISSION:READ
Running Executions Manager
Running Execution - read, cancel
INFLIGHT:CANCEL
INFLIGHT:READ
Running Executions Viewer
Running Execution - read
INFLIGHT:READ
Users Manager
User - read, create, update, delete
Permission - read
USER:CREATE
USER:DELETE
USER:READ
USER:UPDATE
PERMISSION:READ
Metrics viewer
Metrics - view
METRICS:VIEW