Digibee Documentation
Request documentationBook a demo
English
English
  • Quick start
  • Highlights
    • Release notes
      • Release notes 2025
        • May
        • April
        • March
        • February
        • January
      • Release notes 2024
        • December
        • November
        • October
        • September
        • August
          • Connectors release 08/20/2024
        • July
        • June
        • May
        • April
        • March
        • February
        • January
      • Release notes 2023
        • December
        • November
        • October
        • September
        • August
        • July
        • June
        • May
        • April
        • March
        • February
        • January
      • Release notes 2022
        • December
        • November
        • October
        • September
        • August
        • July
        • June
        • May
        • April
        • March
        • February
        • January
      • Release notes 2021
      • Release notes 2020
    • AI Pair Programmer
    • Digibeectl
      • Getting started
        • How to install Digibeectl on Windows
      • Digibeectl syntax
      • Digibeectl operations
  • Digibee in action
    • Use Cases in Action
      • Improving integration performance with API pagination
      • Automating file storage with Digibee
      • Reprocessing strategy in event-driven integrations
      • Key practices for securing sensitive information in pipelines with Digibee
      • OAuth2 for secure API access
      • Secure your APIs with JWT in Digibee
      • Integration best practices for developers on the Digibee Integration Platform
      • How to use Event-driven architecture on the Digibee Integration Platform
      • Dynamic file download with Digibee
      • Microservices: Circuit Breaker pattern for improving resilience
      • Error handling strategy in event-driven integrations
    • Troubleshooting
      • Integration guidance
        • How to resolve common pipeline issues
        • How to resolve Error 409: “You cannot update a pipeline that is not on draft mode”
        • How to resolve the "Pipeline execution was aborted" error
        • Integrated authentication with Microsoft Entra ID
        • How to resolve the "Failed to initialize pool: ONS configuration failed" error
        • How to perform IP address mapping with Progress database
        • How to build integration flows that send error notifications
        • How to send logs to external services
        • How JSONPath differs in connectors and the Execution panel
        • Using JSONPath to validate numbers with specific initial digits
        • How to analyze the "Network error: Failed to fetch" in the Execution panel
        • How to handle request payloads larger than 5MB
        • How to configure Microsoft Entra ID to display groups on the Digibee Integration Platform
        • How to build an HL7 message
      • Connectors behavior and configuration
        • Timeout in the Pipeline Executor connector
        • How to use DISTINCT and COUNT in the Object Store
        • Understanding @@DGB_TRUNCATED@@ on the Digibee Integration Platform
        • How to resolve names without a DNS - REST, SOAP, SAP (web protocols)
        • How to read and write files inside a folder
        • AuthToken Reuse for Salesforce connector
        • How to resolve the "Invalid payload" error in API Integration
        • Supported databases
          • Functions and uses for databases
      • Connectors implementation and usage examples
        • Google Storage: Usage scenarios
        • DB V2: Usage scenarios
        • For Each: Usage example
        • Template and its uses
        • Digibee JWT implementation
        • Email V1: Usage example (Deprecated)
      • JOLT applications
        • Transformer: Getting to know JOLT
        • Transformer: Transformations with JOLT
        • Transformer: Add values to list elements
        • Transformer: Operations overview
        • Transformer: Date formatting using split and concat
        • Transformer: Simple IF-ELSE logic with JOLT
      • Platform access and performance tips
        • How to solve login problems on the Digibee Integration Platform
        • How to receive updates from Digibee Status Page
        • How to clean the Digibee Integration Platform cache
      • Governance troubleshooting guidance
        • How to consume Internal API pipelines using ZTNA
        • How to use Internal API with and without a VPN
        • How to generate, convert, and register SSH Keys
        • mTLS authentication
          • How to configure mTLS on the Digibee Integration Platform
          • FAQs: Certificates in mTLS
        • How to connect Digibee to Oracle RAC
        • How to connect Digibee to SAP
        • How to connect Digibee to MongoDB Atlas using VPN
        • How to manage IPs on the Digibee Integration Platform
        • Configuring the Dropbox account
        • How to use your Gmail account with the Digibee email component (SMTP)
        • How to use the CORS policy on the Digibee Integration Platform
      • Deployment scenarios
        • Solving the “Out of memory” errors in deployment
        • Warning of route conflicts
    • Best practices
      • Best practices for building a pipeline
      • Best practices on validating messages in a consumer pipeline
      • Avoiding loops and maximizing pipeline efficiency
      • Naming: Global, Accounts, and API Keys
      • Pagination tutorial
        • Pagination tutorial - part 1
        • Pagination tutorial - part 2
        • Pagination tutorial - part 3
        • Pagination tutorial - part 4
      • Pagination example
      • Event-driven architecture
      • Notification model in event-driven integrations
      • OAuth2 integration model with Digibee
      • Best practices for error handling in pipelines
    • Digibee Academy
      • Integration Developer Bootcamp
  • Reference guides
    • Connectors
      • AWS
        • S3 Storage
        • SQS
        • AWS Secrets Manager
        • AWS Athena
        • AWS CloudWatch
        • AWS Elastic Container Service (ECS)
        • AWS Eventbridge
        • AWS Identity and Access Management (IAM)
        • AWS Kinesis
        • AWS Kinesis Firehose
        • AWS Key Management Service (KMS)
        • AWS Lambda
        • AWS MQ
        • AWS Simple Email Service (SES)
        • AWS Simple Notification System (SNS)
        • AWS Security Token Service (STS)
        • AWS Translate
      • Azure
        • Azure CosmosDB
        • Azure Event Hubs
        • Azure Key Vault
        • Azure ServiceBus
        • Azure Storage DataLake Service
        • Azure Storage Queue Service
      • Enterprise applications
        • SAP
        • Salesforce
        • Braintree
        • Facebook
        • GitHub
        • Jira
        • ServiceNow
        • Slack
        • Telegram
        • Twilio
        • WhatsApp
        • Wordpress
        • Workday
        • Zendesk
      • File storage
        • Blob Storage (Azure)
        • Digibee Storage
        • Dropbox
        • FTP
        • Google Drive
        • Google Storage
        • OneDrive
        • SFTP
        • WebDav V2
        • WebDav (Deprecated)
      • Files
        • Append Files
        • Avro File Reader
        • Avro File Writer
        • CSV to Excel
        • Excel
        • File Reader
        • File Writer
        • GZIP V2
        • GZIP V1 (Deprecated)
        • Parquet File Reader
        • Parquet File Writer
        • Stream Avro File Reader
        • Stream Excel
        • Stream File Reader
        • Stream File Reader Pattern
        • Stream JSON File Reader
        • Stream Parquet File Reader
        • Stream XML File Reader
        • XML Schema Validator
        • ZIP File
        • NFS
      • Flow
        • Delayer
      • Google/GCP
        • Google BigQuery
        • Google BigQuery Standard SQL
        • Google Calendar
        • Google Cloud Functions
        • Google Mail
        • Google PubSub
        • Google Secret Manager
        • Google Sheets
      • Industry solutions
        • FHIR (Beta)
        • Gupy Public API
        • HL7
        • HubSpot: Sales and CMS
        • Mailgun API
        • Oracle NetSuite (Beta)
        • Orderful
        • Protheus: Billing and Inventory of Cost
      • Logic
        • Block Execution
        • Choice
        • Do While
        • For Each
        • Retry
        • Parallel Execution
      • Queues and messaging
        • Event Publisher
        • JMS
        • Kafka
        • RabbitMQ
      • Security
        • AES Cryptography
        • Asymmetric Cryptography
        • CMS
        • Digital Signature
        • JWT (Deprecated)
        • JWT V2
        • Google IAP Token
        • Hash
        • Digibee JWT (Generate and Decode)
        • LDAP
        • PBE Cryptography
        • PGP
        • RSA Cryptography
        • Symmetric Cryptography
      • Structured data
        • CassandraDB
        • DB V2
        • DB V1 (Deprecated)
        • DynamoDB
        • Google Big Table
        • Memcached
        • MongoDB
        • Object Store
        • Relationship
        • Session Management
        • Stored Procedure
        • Stream DB V3
        • Stream DB V1 (Deprecated)
        • ArangoDb
        • Caffeine Cache
        • Caffeine LoadCache
        • Couchbase
        • CouchDB
        • Ehcache
        • InfluxDB
      • Tools
        • Assert V2
        • Assert V1 (Deprecated)
        • Base64
        • CSV to JSON V2
        • CSV to JSON V1 (Deprecated)
        • HL7 Message Transformer (Beta)
        • HTML to PDF
        • Transformer (JOLT) V2
        • JSLT
        • JSON String to JSON Transformer
        • JSON to JSON String Transformer
        • JSON to XML Transformer
        • JSON to CSV V2
        • JSON to CSV Transformer (Deprecated)
        • JSON Path Transformer V2
        • JSON Path Transformer
        • JSON Transformer
        • Log
        • Pipeline Executor
        • QuickFix (Beta)
        • SSH Remote Command
        • Script (JavaScript)
        • Secure PDF
        • Store Account
        • Template Transformer
        • Throw Error
        • Transformer (JOLT)
        • Validator V1 (Deprecated)
        • Validator V2
        • XML to JSON Transformer
        • XML Transformer
        • JSON Generator (Mock)
      • Web protocols
        • Email V2
        • Email V1 (Deprecated)
        • REST V2
        • REST V1 (Deprecated)
        • SOAP V1 (Deprecated)
        • SOAP V2
        • SOAP V3
        • WGet (Download HTTP)
        • gRPC
    • Triggers
      • Web Protocols
        • API Trigger
        • Email Trigger
        • Email Trigger V2
        • HTTP Trigger
        • HTTP File Trigger
          • HTTP File Trigger - Downloads
          • HTTP File Trigger - Uploads
        • REST Trigger
      • Scheduling
        • Scheduler Trigger
      • Messaging and Events
        • Event Trigger
        • JMS Trigger
        • Kafka Trigger
        • RabbitMQ Trigger
      • Others
        • DynamoDB Streams Trigger
        • HL7 Trigger
        • Salesforce Trigger - Events
    • Double Braces
      • How to reference data using Double Braces
      • Double Braces functions
        • Math functions
        • Utilities functions
        • Numerical functions
        • String functions
        • JSON functions
        • Date functions
        • Comparison functions
        • File functions
        • Conditional functions
      • Double Braces autocomplete
  • Development cycle
    • Build
      • Canvas
        • AI Assistant
        • Smart Connector User Experience
        • Execution panel
        • Design and Inspect Mode
        • Linter: Canvas building validation
        • Connector Mocking
      • Pipeline
        • How to create a pipeline
        • How to scaffold a pipeline using an OpenAPI specification
        • How to create a project
        • Pipeline version history
        • Pipeline versioning
        • Messages processing
        • Subpipelines
      • Capsules
        • How to use Capsules
          • How to create a Capsule collection
            • Capsule header dimensions
          • How to create a Capsule group
          • How to configure a Capsule
          • How to build a Capsule
          • How to test a Capsule
          • How to save a Capsule
          • How to publish a Capsule
          • How to change a Capsule collection or group
          • How to archive and restore a Capsule
        • Capsules versioning
        • Public capsules
          • SAP
          • Digibee Tools
          • Google Sheets
          • Gupy
          • Send notifications via email
          • Totvs Live
          • Canvas LMS
        • AI Assistant for Capsules Docs Generation
    • Run
      • Run concepts
        • Autoscalling
      • Deployment
        • Deploying a pipeline
        • How to redeploy a pipeline
        • How to promote pipelines across environments
        • How to check the pipeline deployment History
        • How to rollback to a previous deployment version
        • Using deployment history advanced functions
        • Pipeline deployment status
      • How warnings work on pipelines in Run
    • Monitor
      • Monitor Insights (Beta)
      • Completed executions
        • Pipeline execution logs download
      • Pipeline logs
      • Pipeline Metrics
        • Pipeline Metrics API
          • How to set up Digibee API metrics with Datadog
          • How to set up Digibee API metrics with Prometheus
        • Connector Latency
      • Alerts
        • How to create an alert
        • How to edit an alert
        • How to activate, deactivate or duplicate an alert
        • How to delete an alert
        • How to configure alerts on Slack
        • How to configure alerts on Telegram
        • How to configure alerts through a webhook
        • Available metrics
        • Best practices about alerts
        • Use cases for alerts
      • VPN connections monitoring
        • Alerts for VPN metrics
  • Connectivity management
    • Connectivity
    • Zero Trust Network Access (ZTNA)
      • Prerequisites for using ZTNA
      • How to view connections (Edge Routers)
      • How to view the Network Mappings associated with an Edge Router
      • How to add new ZTNA connections (Edge Routers)
      • How to delete connections (Edge Routers)
      • How to view routes (Network Mapping)
      • How to add new routes (Network Mapping)
      • How to add routes in batch for ZTNA
      • How to edit routes (Network Mapping)
      • How to delete routes (Network Mapping)
      • How to generate new keys (Edge Router)
      • How to change the environment of Edge routers
      • ZTNA Inverse Flow
      • ZTNA Groups
    • Virtual Private Network (VPN)
  • Platform administration
    • Administration
      • Audit
      • Access control
        • Users
        • Groups
        • Roles
          • List of permissions by service
          • Roles and responsibilities: Governance and key stakeholder identification
      • Identity provider integration
        • How to integrate an identity provider
        • Authentication rules
        • Integration of IdP groups with Digibee groups
          • How to create a group integration
          • How to test a group integration
          • How to enable group integrations
          • How to edit a group integration
          • How to delete a group integration
      • User authentication and authorization
        • How to activate and deactivate two-factor authentication
        • Login flow
      • Organization groups
    • Settings
      • Globals
        • How to create Globals
        • How to edit or delete Globals
        • How to use Globals
      • Accounts
        • Configuring each account type
        • Monitor changes to account settings in deployed pipelines
        • OAuth2 Architecture
          • Registration of new OAuth providers
      • Consumers (API Keys)
      • Relationship model
      • Multi-Instance
        • Deploying a multi-instance pipeline
      • Log Streaming
        • How to use Log Streaming with Datadog
    • Governance
      • Policies
        • Security
          • Internal API access policy
          • External API access policy
          • Sensitive fields policy
        • Transformation
          • Custom HTTP header
          • CORS HTTP header
        • Limit of Replicas policy
    • Licensing
      • Licensing models
        • Consumption Based model
      • Capacity and quotas
      • License consumption
    • Digibee APIs
      • How to create API credentials
  • Digibee concepts
    • Pipeline Engine
      • Digibee Integration Platform Pipeline Engine v2
      • Support Dynamic Accounts (Restricted Beta)
    • Digibee Integration Platform Dedicated SaaS
      • Digibee Integration Platform architecture on Dedicated Saas model
      • Requirements for Digibee Dedicated Saas model
      • Site-to-Site VPN for dedicated SaaS customer support
      • Dedicated Saas customer responsibilities
      • Custom Images of Kubernetes Nodes
      • Digibee Dedicated SaaS installation on AWS
        • How to install requirements before installing Digibee Integration Platform on EKS
        • Permissions to use Digibee Integration Platform on EKS
        • How to create custom nodes for EKS (Golden Images)
    • Introduction to ZTNA
  • Help & FAQ
    • Digibee Customer Support
    • Request documentation, suggest features, or send feedback
    • Beta Program
    • Security and compliance
    • About Digibee
Powered by GitBook
On this page
  • The Roles page
  • Actions
  • How to create a role
  • How to view or edit a role
  • How to duplicate a role
  • How to delete a role
  • System roles

Was this helpful?

  1. Platform administration
  2. Administration
  3. Access control

Roles

Learn how to create, edit and delete a role.

PreviousGroupsNextList of permissions by service

Last updated 1 month ago

Was this helpful?

A role is a set of permissions that can be granted to groups. These permissions can change depending on which environment the user is in: test or production.

The Roles page

The Roles page shows you a table with active roles in your realm.

This table shows the role name and description, as well as buttons to view, edit, and delete them.

Actions

How to create a role

To create a role:

  1. Click on the Create button, in the upper right corner.

  2. Fill in the name and description of the role.

  3. Click on the dots under the columns Create, Read, Update, Delete, and Specific to activate or deactivate a permission for the service described in each row. Activated permissions are represented by green checkboxes.

  4. Click on Save.

How to view or edit a role

To view a role:

  1. Search the table for the role you want to edit, or use the search bar.

  2. Click on the pencil or eye icon in the Actions column.

To edit a role:

  1. Make the desired changes to the role.

  2. Click on Save.

How to duplicate a role

To duplicate a role:

  1. Search the table for the role you want to duplicate or use the search bar.

  2. Click on the pencil or eye icon in the Actions column.

  3. Click on Duplicate role.

  4. Make the desired changes to the new role.

  5. Click on Save.

How to delete a role

When you delete a role, the permissions granted by that role become inactive.

To delete a role:

  1. Search the table for the role you want to delete or use the search bar.

  2. Click on the box icon in the Actions column.

  3. Write a note describing the reason for archiving that role.

  4. Click on Confirm.

System roles

With the account-environment-manager, api-key-manager, deployment-manager, global-environment-manager and pipeline-manager roles, you can define the environment (test or production) as a parameter, ensuring that a group of users has specific permissions to perform certain tasks only in the selected environment. If the environment is not defined, the user has access to all environments.

Users with account-viewer, api-key-viewer, deployment-viewer, global-viewer, and pipeline-builder can only perform certain actions in environments (test or production) that have been previously defined by the user responsible for managing access to the environments.

Besides creating your own roles, you can also use Digibee’s predefined system roles. You can’t edit or delete system roles, but you can duplicate them and edit their replicas.

Below, you can see all current existing system roles and their respective permissions:

account-environment-manager
  • ACCOUNT:CREATE: create new account on the Accounts page.

  • ACCOUNT:READ: view existing accounts on the Accounts page.

  • ACCOUNT:UPDATE: update existing accounts on the Accounts page.

  • ACCOUNT:DELETE: delete existing accounts on the Accounts page.

account-manager
  • ACCOUNT:CREATE: create new account on the Accounts page.

  • ACCOUNT:READ: view existing accounts on the Accounts page.

  • ACCOUNT:UPDATE: update existing accounts on the Accounts page.

  • ACCOUNT:DELETE: delete existing accounts on the Accounts page.

  • AUDIT:READ: view the audit records on the Audit page.

  • GLOBAL:CREATE: create new global variable on the Globals page.

  • GLOBAL:READ: view existing global variables on the Globals page.

  • GLOBAL:UPDATE: update existing global variables on the Globals page.

  • GLOBAL:DELETE: delete existing global variables on the Globals page.

  • OAUTH:CREATE: create new OAuth service.

  • OAUTH:UPDATE: update existing OAuth service.

  • OAUTH:DELETE: delete existing OAuth service.

  • POLICY:UPDATE: update policies on the Policies page.

  • POLICY:READ: view the policies on the Policies page.

  • RELATION:CREATE: create a new relation model on the Relationship page.

  • RELATION:READ: view existing relation models on the Relationship page.

  • RELATION:UPDATE: update existing relation models on the Relationship page.

  • RELATION:DELETE: delete an existing relation model on the Relationship page.

  • USER:READ: view existing users on the Users page.

account-viewer
  • ACCOUNT:READ: view existing accounts on the Accounts page.

  • ALERT:READ: view existing alerts on the Alerts page. Includes an environment variable.

  • GLOBAL:READ: view existing global variables on the Globals page.

  • RELATION:READ: view existing relation models on the Relationship page.

  • USER:READ: view existing users on the Users page.

ai-assistant-viewer
  • AI-ASSISTANT:READ: access the AI Assistant feature.

alert-manager
  • ALERT:CREATE: create new alerts on the Alerts page.

  • ALERT:READ: view existing alerts on the Alerts page. Includes an environment variable.

  • ALERT:UPDATE: update existing alerts on the Alerts page

  • ALERT:DELETE: delete existing alerts on the Alerts page.

alert-viewer
  • ALERT:READ: view existing alerts on the Alerts page. Includes an environment variable.

api-key-manager
  • APIKEY:CREATE: create new API keys on the Consumers (API keys) page.

  • APIKEY:READ: view existing API keys on the Consumers (API keys) page.

  • APIKEY:UPDATE: update existing API keys on the Consumers (API keys) page.

  • APIKEY:DELETE: delete existing API keys on the Consumers (API keys) page.

  • APIKEY:CREATE:ACL: associate pipelines to existing API keys.

  • APIKEY:CREATE:APIKEY: create new keys for existing consumers on the Consumers (API keys) page.

  • APIKEY:DELETE:APIKEY: delete existing keys for existing consumers on the Consumers (API keys) page.

  • AUDIT:READ: view the audit records on the Audit page.

  • USER:READ: view existing users on the Users page.

api-key-viewer
  • APIKEY:READ: view existing API keys on the Consumers (API keys) page.

  • AUDIT:READ: view the audit records on the Audit page.

  • USER:READ: view existing users on the Users page.

audit-viewer

AUDIT:READ: view the audit records on the Audit page.

capsule-builder
  • ACCOUNT:READ: view existing accounts on the Accounts page.

  • CAPSULE:CREATE: create new Capsules on the Capsules page.

  • CAPSULE:READ: view existing Capsules on the Capsules page.

  • CAPSULE:UPDATE: update existing Capsules on the Capsules page.

  • CAPSULE:DELETE: delete existing Capsules on the Capsules page.

  • CAPSULE:CREATE:GROUP: create new groups to organize Capsules on the Capsules page.

  • CAPSULE:CREATE:HEADER: create new headers for Capsules.

  • CAPSULE:DELETE:HEADER: delete existing headers for Capsules.

  • CAPSULE:UPDATE:HEADER: update existing headers for Capsules.

  • GLOBAL:READ: view existing global variables on the Globals page.

  • RELATION:READ: view existing relation models on the Relationship page.

  • TEST-MODE:EXECUTE:CAPSULE: execute Capsules in the test environment.

capsule-manager
  • CAPSULE:CREATE: create new Capsules on the Capsules page.

  • CAPSULE:READ: view existing Capsules on the Capsules page.

  • CAPSULE:UPDATE: update existing Capsules on the Capsules page.

  • CAPSULE:DELETE: delete existing Capsules on the Capsules page.

  • CAPSULE:CREATE:COLLECTION: create new collections on the Capsules page.

  • CAPSULE:CREATE:GROUP: create new groups to organize Capsules on the Capsules page.

  • CAPSULE:DELETE:GROUP: delete existing group on the Capsules page.

  • CAPSULE:UPDATE:GROUP: update existing group on the Capsules page.

  • CAPSULE:CREATE:HEADER: create new headers for Capsules.

  • CAPSULE:DELETE:HEADER: delete existing headers for Capsules.

  • CAPSULE:UPDATE:HEADER: update existing headers for Capsules.

  • REPLICA:READ: view the existing multi-instance models

  • TEST-MODE:EXECUTE:CAPSULE: execute Capsules in the test environment.

capsule-publisher
  • CAPSULE:UPDATE:PUBLISH: publish Capsules to be used on pipelines.

connectivity-manager
  • ZTNA:GENERATE-KEY: generate registration key for ZTNA Connections.

connectivity-viewer
  • ZTNA:READ: view existing ZTNA Connections.

data-streaming-manager
  • DATA_STREAMING:CREATE: Allows creating data streams without environment restrictions.

  • DATA_STREAMING:UPDATE: Allows updating data streams without environment restrictions.

  • DATA_STREAMING:READ: Allows reading data streams without environment restrictions.

  • DATA_STREAMING:DELETE: Allows deleting data streams without environment restrictions

deployment-manager
  • DEPLOYMENT:CREATE: deploy pipelines in all environments.

  • DEPLOYMENT:READ: view deployments in all environments.

  • DEPLOYMENT:DELETE: delete deployments in all environments.

  • DEPLOYMENT:CREATE:REDEPLOY: redeploy pipelines in the selected environment.

  • DEPLOYMENT:EXECUTE: manually re-execute the selected execution in all environments.

  • CONFIGURATION:CREATE: configure the pipeline.

  • CONFIGURATION:READ: view the pipeline configuration.

  • CONFIGURATION:UPDATE: update the pipeline configuration.

  • POLICY:UPDATE: update policies on the Policies page.

  • POLICY:READ: view the policies on the Policies page.

  • USER:CREATE:GENERATE-JWT: generate authentication configuration in the Digibeectl.

  • USER:DELETE:REVOKE-JWT: revoke authentication configuration in the Digibeectl.

  • USER:READ:OPEN-AUTH-CONFIG: decrypt authentication configuration in the Digibeectl.

deployment-viewer
  • DEPLOYMENT:READ: view deployments in all environments.

  • CONFIGURATION:READ: view the pipeline configuration.

global-manager
  • GLOBAL:CREATE: create new global variable on the Globals page.

  • GLOBAL:READ: view existing global variables on the Globals page.

  • GLOBAL:UPDATE: update existing global variables on the Globals page.

  • GLOBAL:DELETE: delete existing global variables on the Globals page.

global-viewer

GLOBAL:READ: view existing global variables on the Globals page.

groups-manager
  • PERMISSION:READ: view the available permissions on the Roles page.

  • SAML-GROUP-MAPPING:CREATE: create new SAML group mapping.

  • SAML-GROUP-MAPPING:READ: view existing SAML group mappings.

  • SAML-GROUP-MAPPING:UPDATE: update existing SAML group mappings.

  • SAML-GROUP-MAPPING:DELETE: delete existing SAML group mappings.

  • USER:READ:INACTIVE-PERMISSION: view the permissions of an inactive user on the Users page.

  • USER:READ:PERMISSION: view the permissions of a user on the Users page.

  • USER:UPDATE:ASSIGN-GROUP: assign one or more groups to a user on the Users page.

  • GROUP:CREATE: create new groups on the Groups page.

  • GROUP:READ: view existing groups on the Groups page.

  • GROUP:UPDATE: update existing groups on the Groups page.

  • GROUP:DELETE: delete existing groups on the Groups page.

  • GROUP:READ:PERMISSION: view the permissions of existing groups on the Groups page.

idp-access-manager
  • SSO-CONFIGURATION:CREATE: create SSO configurations.

  • SSO-CONFIGURATION:READ: view existing SSO configurations.

  • SSO-CONFIGURATION:UPDATE: update existing SSO configurations.

  • SSO-CONFIGURATION:DELETE: delete existing SSO configurations.

logs-export
  • EXPORT:READ: export the pipeline logs on the Monitor page.

logs-viewer
  • LOG:READ: view the list of logs on the Monitor page. Includes an environment variable.

  • MESSAGE:READ: view the list of execution messages in all environments. Includes an environment variable.

  • STATS:READ: view monitoring information about the pipelines through API. Includes one environment variable.

metrics-viewer
  • METRICS:READ: view the metrics of deployed pipelines in all environments on the Monitor page. Includes an environment variable.

multi-instance-manager
  • REPLICA:CREATE: create new multi-instance models.

  • REPLICA:READ: view the existing multi-instance models.

  • REPLICA:UPDATE: update the existing multi-instance models.

  • REPLICA:DELETE: delete the existing multi-instance models.

multi-instance-viewer
  • REPLICA:READ: view the existing multi-instance models.

pipeline-builder
  • APIKEY:READ: view existing API keys on the Consumers (API keys) page.

  • ACCOUNT:READ: view existing accounts on the Accounts page.

  • GLOBAL:READ: view existing global variables on the Globals page.

  • REPLICA:READ: view the existing multi-instance models.

  • PIPELINE:CREATE: create a new pipeline on the Build page.

  • PIPELINE:READ: view existing pipelines on the Build page.

  • PIPELINE:UPDATE: update existing pipelines on the Build page.

  • PIPELINE:READ:HISTORY: view the history of the pipeline on the Build page.

  • PIPELINE-DOCUMENTATION:CREATE: create pipeline or Capsule documentation.

  • CONFIGURATION:CREATE: configure the pipeline.

  • CONFIGURATION:READ: view the pipeline configuration.

  • CONFIGURATION:UPDATE: update the pipeline configuration.

  • PROJECT:READ: view existing projects for which you are assigned as a user on the Build page.

  • POLICY:READ: view the policies on the Policies page.

  • RELATION:READ: view existing relation models on the Relationship page.

  • TEST-MODE:EXECUTE: execute pipelines in the test environment.

  • ZTNA:READ: view the existing ZTNA Connections.

pipeline-documentation-manager
  • PIPELINE-DOCUMENTATION:CREATE: create pipeline or Capsule documentation.

pipeline-documentation-viewer
  • PIPELINE-DOCUMENTATION:READ: view pipeline or Capsule documentation.

pipeline-executor
  • DEPLOYMENT:EXECUTE: manually re-execute the selected execution in all environments.

pipeline-manager
  • APIKEY:READ: view existing API keys on the Consumers (API keys) page.

  • ACCOUNT:READ: view existing accounts on the Accounts page.

  • GLOBAL:READ: view existing global variables on the Globals page.

  • REPLICA:READ: view the existing multi-instance models.

  • PIPELINE:CREATE: create a new pipeline on the Build page.

  • PIPELINE:READ: view existing pipelines on the Build page.

  • PIPELINE:UPDATE: update existing pipelines on the Build page.

  • PIPELINE:DELETE: delete existing pipelines on the Build page.

  • PIPELINE:READ:HISTORY: view the history of the pipeline on the Build page.

  • CONFIGURATION:CREATE: configure the pipeline.

  • CONFIGURATION:READ: view the pipeline configuration.

  • CONFIGURATION:UPDATE: update the pipeline configuration.

  • POLICY:UPDATE: update policies on the Policies page.

  • POLICY:READ: view the policies on the Policies page.

  • PROJECT:CREATE: create new projects on the Build page.

  • PROJECT:READ: view existing projects for which you are assigned as a user on the Build page.

  • PROJECT:UPDATE: update existing projects on the Build page.

  • PROJECT:DELETE: delete existing projects on the Build page.

  • PROJECT:UPDATE:LINK-WITH-PIPELINE: associate a pipeline to a project.

  • RELATION:READ: view existing relation models on the Relationship page.

  • TEST-MODE:EXECUTE: execute pipelines in the test environment.

projects-manager
  • AUDIT:READ: view the audit records on the Audit page.

  • PERMISSION:READ: view the available permissions on the Roles page.

  • PROJECT:CREATE: create new projects on the Build page.

  • PROJECT:READ: view existing projects for which you are assigned as a user on the Build page.

  • PROJECT:UPDATE: update existing projects on the Build page.

  • PROJECT:DELETE: delete existing projects on the Build page.

  • PROJECT:READ:ALL: view all existing projects, even when you aren’t an assigned user on the Build page.

  • PROJECT:UPDATE:LINK-WITH-PIPELINE: associate a pipeline to a project.

relationship-manager
  • RELATION:CREATE: create a new relation model on the Relationship page.

  • RELATION:READ: view existing relation models on the Relationship page.

  • RELATION:UPDATE: update existing relation models on the Relationship page.

  • RELATION:DELETE: delete an existing relation model on the Relationship page.

relationship-viewer
  • RELATION:READ: view existing relation models on the Relationship page.

roles-manager
  • PERMISSION:READ: view the available permissions on the Roles page.

  • ROLE:CREATE: create new roles on the Roles page.

  • ROLE:READ: view existing roles on the Roles page.

  • ROLE:UPDATE: update existing roles on the Roles page.

  • ROLE:DELETE: delete existing roles on the Roles page.

running-executions-manager
  • INFLIGHT:READ: view an execution in all environments.

  • INFLIGHT:CANCEL: cancel an execution in all environments.

running-executions-viewer
  • INFLIGHT:READ: view an execution in all environments.

users-manager
  • PERMISSION:READ: view the available permissions on the Roles page.

  • USER:CREATE: create new users on the Users page.

  • USER:READ: view existing users on the Users page.

  • USER:DELETE: delete existing users on the Users page.

  • USER:UPDATE: update existing users on the Users page.

licensing-viewer
  • LICENSE:READ: view the realm licenses.

cannot be edited, and can be viewed under the eye icon.

cannot be deleted, just the ones created by users.

System roles
System roles
Roles page