Roles

Learn how to create, edit and delete a role.

A role is a set of permissions that can be granted to groups. These permissions can change depending on which environment the user is in: test or production.

The Roles page

The Roles page shows you a table with active roles in your realm.

This table shows the role name and description, as well as buttons to view, edit, and delete them.

Actions

How to create a role

To create a role:

  1. Click on the Create button, in the upper right corner.

  2. Fill in the name and description of the role.

  3. Click on the dots under the columns Create, Read, Update, Delete, and Specific to activate or deactivate a permission for the service described in each row. Activated permissions are represented by green checkboxes.

  4. Click on Save.

How to view or edit a role

To view a role:

  1. Search the table for the role you want to view or edit, or use the search bar.

  2. Click on the pencil or eye icon in the Actions column.

To edit a role:

  1. Make the desired changes to the role.

  2. Click on Save.

System roles cannot be edited. They can only be viewed, using the eye icon.

How to duplicate a role

To duplicate a role:

  1. Search the table for the role you want to duplicate or use the search bar.

  2. Click on the pencil or eye icon in the Actions column.

  3. Click on Duplicate role.

  4. Make the desired changes to the new role.

  5. Click on Save.

How to delete a role

When you delete a role, the permissions granted by that role become inactive.

To delete a role:

  1. Search the table for the role you want to delete or use the search bar.

  2. Click on the box icon in the Actions column.

  3. Write a note describing the reason for archiving that role.

  4. Click on Confirm.

System roles cannot be deleted. Only roles created by users can be deleted.

System roles

Besides creating your own roles, you can also use Digibee’s predefined system roles. You can’t edit or delete system roles, but you can duplicate them and edit their replicas.

Below, you can see all existing system roles and their respective permissions:

account-manager
  • ACCOUNT:CREATE: create new accounts on the Accounts page.

  • ACCOUNT:READ: view existing accounts on the Accounts page.

  • ACCOUNT:UPDATE: update existing accounts on the Accounts page.

  • ACCOUNT:DELETE: delete existing accounts on the Accounts page.

  • AUDIT:READ: view the audit records on the Audit page.

  • GLOBAL:CREATE: create new global variables on the Globals page.

  • GLOBAL:READ: view existing global variables on the Globals page.

  • GLOBAL:UPDATE: update existing global variables on the Globals page.

  • GLOBAL:DELETE: delete existing global variables on the Globals page.

  • OAUTH:CREATE: create new OAuth service.

  • OAUTH:UPDATE: update existing OAuth service.

  • OAUTH:DELETE: delete existing OAuth service.

  • POLICY:UPDATE: update policies on the Policies page.

  • POLICY:READ: view the policies on the Policies page.

  • RELATION:CREATE: create a new relation model on the Relationship page.

  • RELATION:READ: view existing relation models on the Relationship page.

  • RELATION:UPDATE: update existing relation models on the Relationship page.

  • RELATION:DELETE: delete an existing relation model on the Relationship page.

  • USER:READ: view existing users on the Users page.

account-viewer
  • ACCOUNT:READ: view existing accounts on the Accounts page.

  • ALERT:READ: view existing alerts on the Alerts page.

  • GLOBAL:READ: view existing global variables on the Globals page.

  • RELATION:READ: view existing relation models on the Relationship page.

  • USER:READ: view existing users on the Users page.

alert-manager
  • ALERT:CREATE: create new alerts on the Alerts page.

  • ALERT:READ: view existing alerts on the Alerts page.

  • ALERT:UPDATE: update existing alerts on the Alerts page.

  • ALERT:DELETE: delete existing alerts on the Alerts page.

alert-viewer
  • ALERT:READ: view existing alerts on the Alerts page.

api-key-manager
  • APIKEY:CREATE: create new API keys on the Consumers (API keys) page.

  • APIKEY:READ: view existing API keys on the Consumers (API keys) page.

  • APIKEY:UPDATE: update existing API keys on the Consumers (API keys) page.

  • APIKEY:DELETE: delete existing API keys on the Consumers (API keys) page.

  • APIKEY:CREATE:ACL: associate pipelines to existing API keys.

  • APIKEY:CREATE:APIKEY: create new keys for existing consumers on the Consumers (API keys) page.

  • APIKEY:DELETE:APIKEY: delete existing keys for existing consumers on the Consumers (API keys) page.

  • AUDIT:READ: view the audit records on the Audit page.

  • USER:READ: view existing users on the Users page.

api-key-viewer
  • APIKEY:READ: view existing API keys on the Consumers (API keys) page.

  • AUDIT:READ: view the audit records on the Audit page.

  • USER:READ: view existing users on the Users page.

audit-viewer
  • AUDIT:READ: view the audit records on the Audit page.

capsule-builder
  • ACCOUNT:READ: view existing accounts on the Accounts page.

  • CAPSULE:CREATE: create new Capsules on the Capsules page.

  • CAPSULE:READ: view existing Capsules on the Capsules page.

  • CAPSULE:UPDATE: update existing Capsules on the Capsules page.

  • CAPSULE:DELETE: delete existing Capsules on the Capsules page.

  • CAPSULE:CREATE:GROUP: create new groups to organize Capsules on the Capsules page.

  • CAPSULE:CREATE:HEADER: create new headers for Capsules.

  • CAPSULE:DELETE:HEADER: delete existing headers for Capsules.

  • CAPSULE:UPDATE:HEADER: update existing headers for Capsules.

  • GLOBAL:READ: view existing global variables on the Globals page.

  • RELATION:READ: view existing relation models on the Relationship page.

  • TEST-MODE:EXECUTE:CAPSULE: execute Capsules in the test environment.

capsule-manager
  • CAPSULE:CREATE: create new Capsules on the Capsules page.

  • CAPSULE:READ: view existing Capsules on the Capsules page.

  • CAPSULE:UPDATE: update existing Capsules on the Capsules page.

  • CAPSULE:DELETE: delete existing Capsules on the Capsules page.

  • CAPSULE:CREATE:COLLECTION: create new collections on the Capsules page.

  • CAPSULE:CREATE:GROUP: create new groups to organize Capsules on the Capsules page.

  • CAPSULE:DELETE:GROUP: delete existing groups on the Capsules page.

  • CAPSULE:UPDATE:GROUP: update existing groups on the Capsules page.

  • CAPSULE:CREATE:HEADER: create new headers for Capsules.

  • CAPSULE:DELETE:HEADER: delete existing headers for Capsules.

  • CAPSULE:UPDATE:HEADER: update existing headers for Capsules.

  • REPLICA:READ: view the existing multi-instance models.

  • TEST-MODE:EXECUTE:CAPSULE: execute Capsules in the test environment.

capsule-publisher
  • CAPSULE:UPDATE:PUBLISH: publish Capsules to be used on pipelines.

connectivity-manager
  • ZTNA:GENERATE-KEY: generate registration key for ZTNA Connections.

connectivity-viewer
  • ZTNA:READ: view existing ZTNA Connections.

deployment-manager
  • DEPLOYMENT:CREATE: deploy pipelines in all environments.

  • DEPLOYMENT:READ: view deployments in all environments.

  • DEPLOYMENT:DELETE: delete deployments in all environments.

  • DEPLOYMENT:CREATE:REDEPLOY: redeploy pipelines in the selected environment.

  • DEPLOYMENT:EXECUTE: manually re-execute the selected execution in all environments.

  • CONFIGURATION:CREATE: configure the pipeline.

  • CONFIGURATION:READ: view the pipeline configuration.

  • CONFIGURATION:UPDATE: update the pipeline configuration.

  • POLICY:UPDATE: update policies on the Policies page.

  • POLICY:READ: view the policies on the Policies page.

  • USER:CREATE:GENERATE-JWT: generate authentication configuration in the Digibeectl.

  • USER:DELETE:REVOKE-JWT: revoke authentication configuration in the Digibeectl.

  • USER:READ:OPEN-AUTH-CONFIG: decrypt authentication configuration in the Digibeectl.

deployment-viewer
  • DEPLOYMENT:READ: view deployments in all environments.

  • CONFIGURATION:READ: view the pipeline configuration.

global-manager
  • GLOBAL:CREATE: create new global variables on the Globals page.

  • GLOBAL:READ: view existing global variables on the Globals page.

  • GLOBAL:UPDATE: update existing global variables on the Globals page.

  • GLOBAL:DELETE: delete existing global variables on the Globals page.

global-viewer
  • GLOBAL:READ: view existing global variables on the Globals page.

groups-manager
  • PERMISSION:READ: view the available permissions on the Roles page.

  • SAML-GROUP-MAPPING:CREATE: create new SAML group mapping.

  • SAML-GROUP-MAPPING:READ: view existing SAML group mappings.

  • SAML-GROUP-MAPPING:UPDATE: update existing SAML group mappings.

  • SAML-GROUP-MAPPING:DELETE: delete existing SAML group mappings.

  • USER:READ:INACTIVE-PERMISSION: view the permissions of an inactive user on the Users page.

  • USER:READ:PERMISSION: view the permissions of a user on the Users page.

  • USER:UPDATE:ASSIGN-GROUP: assign one or more groups to a user on the Users page.

  • GROUP:CREATE: create new groups on the Groups page.

  • GROUP:READ: view existing groups on the Groups page.

  • GROUP:UPDATE: update existing groups on the Groups page.

  • GROUP:DELETE: delete existing groups on the Groups page.

  • GROUP:READ:PERMISSION: view the permissions of existing groups on the Groups page.

idp-access-manager
  • SSO-CONFIGURATION:CREATE: create SSO configurations.

  • SSO-CONFIGURATION:READ: view existing SSO configurations.

  • SSO-CONFIGURATION:UPDATE: update existing SSO configurations.

  • SSO-CONFIGURATION:DELETE: delete existing SSO configurations.

logs-export
  • EXPORT:READ: export the pipeline logs on the Monitor page.

logs-viewer
  • LOG:READ: view the list of logs on the Monitor page.

  • MESSAGE:READ: view the list of execution messages in all environments.

  • STATS:READ: view monitoring information about the pipelines through API.

metrics-viewer
  • METRICS:READ: view the metrics of deployed pipelines in all environments on the Monitor page.

multi-instance-manager
  • REPLICA:CREATE: create new multi-instance models.

  • REPLICA:READ: view the existing multi-instance models.

  • REPLICA:UPDATE: update the existing multi-instance models.

  • REPLICA:DELETE: delete the existing multi-instance models.

multi-instance-viewer
  • REPLICA:READ: view the existing multi-instance models.

pipeline-builder
  • APIKEY:READ: view existing API keys on the Consumers (API keys) page.

  • ACCOUNT:READ: view existing accounts on the Accounts page.

  • GLOBAL:READ: view existing global variables on the Globals page.

  • REPLICA:READ: view the existing multi-instance models.

  • PIPELINE:CREATE: create a new pipeline on the Build page.

  • PIPELINE:READ: view existing pipelines on the Build page.

  • PIPELINE:UPDATE: update existing pipelines on the Build page.

  • PIPELINE:READ:HISTORY: view the history of the pipeline on the Build page.

  • PIPELINE-DOCUMENTATION:CREATE: create pipeline or Capsule documentation.

  • CONFIGURATION:CREATE: configure the pipeline.

  • CONFIGURATION:READ: view the pipeline configuration.

  • CONFIGURATION:UPDATE: update the pipeline configuration.

  • PROJECT:READ: view existing projects for which you are assigned as a user on the Build page.

  • POLICY:READ: view the policies on the Policies page.

  • RELATION:READ: view existing relation models on the Relationship page.

  • TEST-MODE:EXECUTE: execute pipelines in the test environment.

  • ZTNA:READ: view the existing ZTNA Connections.

pipeline-documentation-manager
  • PIPELINE-DOCUMENTATION:CREATE: create pipeline or Capsule documentation.

pipeline-documentation-viewer
  • PIPELINE-DOCUMENTATION:READ: view pipeline or Capsule documentation.

pipeline-executor
  • DEPLOYMENT:EXECUTE: manually re-execute the selected execution in all environments.

pipeline-manager
  • APIKEY:READ: view existing API keys on the Consumers (API keys) page.

  • ACCOUNT:READ: view existing accounts on the Accounts page.

  • GLOBAL:READ: view existing global variables on the Globals page.

  • REPLICA:READ: view the existing multi-instance models.

  • PIPELINE:CREATE: create a new pipeline on the Build page.

  • PIPELINE:READ: view existing pipelines on the Build page.

  • PIPELINE:UPDATE: update existing pipelines on the Build page.

  • PIPELINE:DELETE: delete existing pipelines on the Build page.

  • PIPELINE:READ:HISTORY: view the history of the pipeline on the Build page.

  • CONFIGURATION:CREATE: configure the pipeline.

  • CONFIGURATION:READ: view the pipeline configuration.

  • CONFIGURATION:UPDATE: update the pipeline configuration.

  • POLICY:UPDATE: update policies on the Policies page.

  • POLICY:READ: view the policies on the Policies page.

  • PROJECT:CREATE: create new projects on the Build page.

  • PROJECT:READ: view existing projects for which you are assigned as a user on the Build page.

  • PROJECT:UPDATE: update existing projects on the Build page.

  • PROJECT:DELETE: delete existing projects on the Build page.

  • PROJECT:UPDATE:LINK-WITH-PIPELINE: associate a pipeline to a project.

  • RELATION:READ: view existing relation models on the Relationship page.

  • TEST-MODE:EXECUTE: execute pipelines in the test environment.

projects-manager
  • AUDIT:READ: view the audit records on the Audit page.

  • PERMISSION:READ: view the available permissions on the Roles page.

  • PROJECT:CREATE: create new projects on the Build page.

  • PROJECT:READ: view existing projects for which you are assigned as a user on the Build page.

  • PROJECT:UPDATE: update existing projects on the Build page.

  • PROJECT:DELETE: delete existing projects on the Build page.

  • PROJECT:READ:ALL: view all existing projects, even when you aren’t an assigned user on the Build page.

  • PROJECT:UPDATE:LINK-WITH-PIPELINE: associate a pipeline to a project.

relationship-manager
  • RELATION:CREATE: create a new relation model on the Relationship page.

  • RELATION:READ: view existing relation models on the Relationship page.

  • RELATION:UPDATE: update existing relation models on the Relationship page.

  • RELATION:DELETE: delete an existing relation model on the Relationship page.

relationship-viewer
  • RELATION:READ: view existing relation models on the Relationship page.

roles-manager
  • PERMISSION:READ: view the available permissions on the Roles page.

  • ROLE:CREATE: create new roles on the Roles page.

  • ROLE:READ: view existing roles on the Roles page.

  • ROLE:UPDATE: update existing roles on the Roles page.

  • ROLE:DELETE: delete existing roles on the Roles page.

running-executions-manager
  • INFLIGHT:READ: view an execution in all environments.

  • INFLIGHT:CANCEL: cancel an execution in all environments.

running-executions-viewer
  • INFLIGHT:READ: view an execution in all environments.

users-manager
  • PERMISSION:READ: view the available permissions on the Roles page.

  • USER:CREATE: create new users on the Users page.

  • USER:READ: view existing users on the Users page.

  • USER:DELETE: delete existing users on the Users page.

  • USER:UPDATE: update existing users on the Users page.

licensing-viewer
  • LICENSE:READ: view the realm licenses.
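
An added example, not Digibee code or a Digibee API: a small review script that compares a duplicated role with the system role it was copied from and lists what a group can do beyond viewing. The permission strings are typed in from the list above; the api-key-auditor role, the group, and the rule that anything other than a plain CREATE/READ/UPDATE/DELETE permission counts as Specific are assumptions.

```python
# Added example. Permission sets are copied from the system-role list above;
# the custom role and the group are constructed sample data.
SYSTEM_ROLES = {
    "alert-viewer": {"ALERT:READ"},
    "api-key-viewer": {"APIKEY:READ", "AUDIT:READ", "USER:READ"},
    "roles-manager": {"PERMISSION:READ", "ROLE:CREATE", "ROLE:READ",
                      "ROLE:UPDATE", "ROLE:DELETE"},
}
# Constructed: a duplicate of api-key-viewer that was edited afterwards.
CUSTOM_ROLES = {
    "api-key-auditor": {"APIKEY:READ", "AUDIT:READ",
                        "APIKEY:DELETE:APIKEY", "ROLE:UPDATE"},
}
CRUD = ("CREATE", "READ", "UPDATE", "DELETE")


def column(permission):
    """Return (service, column). Assumption: anything that is not a plain
    SERVICE:CREATE/READ/UPDATE/DELETE string belongs to the Specific column."""
    service, _, rest = permission.partition(":")
    return service, rest if rest in CRUD else "SPECIFIC"


def effective(role_names, roles):
    """Union of the permissions a group receives from all of its roles."""
    perms = set()
    for name in role_names:
        perms |= roles[name]  # KeyError on an unknown role is intended
    return perms


def drift(custom_perms, base_perms):
    """(added, removed) permissions of a duplicate relative to its original."""
    return sorted(custom_perms - base_perms), sorted(base_perms - custom_perms)


def beyond_read(perms):
    """Permissions that do more than view, grouped by service."""
    grouped = {}
    for perm in sorted(perms):
        service, col = column(perm)
        if col != "READ":
            grouped.setdefault(service, []).append(perm)
    return grouped


ALL_ROLES = {**SYSTEM_ROLES, **CUSTOM_ROLES}
GROUP_ROLES = ["alert-viewer", "api-key-auditor"]  # constructed group
if __name__ == "__main__":
    print(drift(CUSTOM_ROLES["api-key-auditor"], SYSTEM_ROLES["api-key-viewer"]))
    print(beyond_read(effective(GROUP_ROLES, ALL_ROLES)))
```

Here the duplicate has picked up a role-editing permission and a key-deletion permission that its viewer original never had, which is the kind of change worth catching when reviewing edited replicas of system roles.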
