A number of roles are defined in the product that can be assigned to a user or group.
Roles set boundaries on activities that a user or group member can perform.
Roles are assigned to users and groups within the team context. Users or groups are assigned to a
team with a specific role. The role assigned to a user is only for the team that the user is a
member. A user can be a member of multiple teams and have a different role on each.
The interlocking concept of teams, roles, and permissions ensures that users have the appropriate
permissions to perform their work and not affect processes outside of their assigned scope. The
interaction of these three concepts provides the mechanisms to create an infrastructure that is
secure and flexible.
Note: Until new users are assigned to teams, they are automatically assigned to the Default team in
the Viewer and Participant roles. Users in these roles can view objects, such as releases and value
streams, but they cannot create or edit them. Additionally, users in these roles can generate user
access tokens and access API endpoints with GET requests. Administrators grant users elevated
permissions when they assign them to roles such as Lead Developer or Release Manager.
The following tables show the available roles.
Table 1. Viewer permission
Viewer permission |
Description |
Viewer |
View UI objects such as deployment plans and value streams. Create user access token. |
Table 2. Participant permission
Participant permission |
Description |
Viewer |
View pipelines |
Tasks |
Create, edit, execute, remove |
Table 3. Developer permission
Developer permission |
Description |
Manage templates |
Create templates, edit templates, and delete templates |
Pipelines |
Schedule |
Tasks |
Create, edit, execute, remove |
Stories |
Create, edit, remove |
Table 4. Lead developer permissions
Lead developer permission |
Description |
Pipelines |
Create pipelines |
Applications |
Add, edit, and delete pipeline applications |
Environments |
Create, edit, and remove pipelines environments |
Deployment templates |
Create, edit, and remove |
Deployment plans |
Create, modify, delete, and schedule deployment plans |
Tasks |
Create, modify, execute, and delete tasks |
Environments |
Create, modify, and delete target environments |
Releases |
Create, modify, delete, and archive releases. |
Stories |
Create, modify, delete, and archive stories. |
Team members |
Create, modify, delete, and archive members. |
Security |
Assign roles |
Teams |
Create, modify, delete, and archive members. |
Groups |
Create, and modify teams. |
Table 5. Release participant permissions
Release participant permissions |
Description |
Tasks |
Create, modify, execute, and run tasks. |
Stories |
Create, modify, and remove stories. |
Table 6. Release manager permissions
Release manager permissions |
Description |
Deployment plans |
Create, edit, and remove plans with templates. |
Pipelines |
Schedule deployments. |
Tasks |
Create, execute, edit, and remove tasks from deployment plans. |
Releases |
Create, modify, delete, lock, unlock, and archive releases. |
Stories |
Create, modify, and delete user stories. |
Calendar |
Modify calendar settings. Schedule releases, and run releases and calendar events using
pre-defined templates. |
Table 7. Lead release manager permissions
Lead release manager permissions |
Description |
Deployment plans |
Create, edit, and remove plans with or without templates. Approve protected
environments. |
Deployment plan templates |
Create, edit, and remove plan templates. |
Pipelines |
Schedule deployments. |
Tasks |
Create, execute, edit, and remove tasks from deployment plans. Change task target
environment. |
Releases |
Create, modify, delete, lock, unlock, and archive releases. |
Teams |
Create, remove, and edit teams. |
Users |
Create, and modify users, and remove users from teams. Assign users to roles. |
Groups |
Create, modify, and remove groups. |
Stories |
Create, modify, and remove user stories. |
Calendar |
Modify calendar settings. |
Table 8. Team administrator permissions
Team administrator permissions |
Description |
Users |
Create, and modify users, and remove users from teams. Assign users to roles. |
Teams |
Create, remove, and edit teams. |
Groups |
Create, modify, and remove groups. |
Table 9. Team administrator permissions
Product administrator permissions |
Description |
Users |
Create, and modify users, and remove users from teams. Assign users to roles. |
Teams |
Create, remove, and edit teams. |
Groups |
Create, modify, and remove groups. |
Security |
Modify security settings, manage integrations, manage LDAP and SSO configurations, and define
email servers. |
Table 10. Pipeline executor
Pipeline executor permissions |
Description |
Deployments |
Run |
Pipelines |
For existing pipelines run deployments, schedule deployments, and join releases. |
Table 11. Pipeline designer
Pipeline designer permissions |
Description |
Pipelines |
Edit |