Roles allow administrators to apply a specified set of permissions to individual users and groups, allowing administrators to specify exactly what each user can see and do. Each user or group can have multiple roles.
The Roles page can be found in the administration menu under Security. The roles page lists all the roles in Continua and allows you to create, edit and delete them.
Permission Grouping
Permissions in Continua have been grouped so that if you apply a certain permission, any other necessary permissions are automatically included. For example, if you grant someone access to Edit configuration, they automatically receive access to View configurations as well. Also included with Edit configuration are all the Build Permissions, as a build is an extension of a configuration.
Any of these included permissions can be overridden in the Access Control section.
Permission Definitions
| Name | Includes | Access Granted |
|---|---|---|
| Administrator | All permissions | Access to the entire administration section and every other aspect of Continua. Administrators are the only users that can modify global security settings |
| Manage CI Server | Manage CI agents, all config. and build permissions | Access to the Continuous Integration Administration section. Users need this permission to modify CI properties and set CI Issue Connectors. This also includes agent management and all configuration and build functionality. (Note this permission does not include view project which is required to view configurations) |
| Manage CI Agents | Access to the Agent administration section. Allows the user to authorise/deauthorise agents and delete agents | |
| Project Administrator | All project permissions | Access to the Project security section. Also allows the user to create, edit and delete projects. |
| View Project | Can see projects but cannot change any project settings. | |
| Edit Project | View project | Can modify any settings on existing projects. This does not grant access to the project security section. |
| Create Project | Edit project, view project | Can create new projects and edit existing projects. This does not grant access to the project security section. |
| Delete Project | Edit project, view project | Can delete existing projects and edit existing projects. This does not grant access to the project security section. |
| Configuration Administrator | All configuration and build permissions | Grants full permission to configurations and builds. This also includes access to the configuration security section. (Note: to be able to view/modify a configuration, a user must also have View Project permissions on the configuration's parent project) |
| View Configuration | Can see configurations and builds but cannot edit either the configuration or it's builds. This permission does not allow users to start or stop builds (Note: to be able to view/modify a configuration, a user must also have View Project permissions on the configuration's parent project) | |
| Edit Configuration | View Configuration, All build permissions | Can modify any settings on existing configurations. This does not grant access to the configuration security section. This also includes all build permissions. (Note: to be able to view/modify a configuration, a user must also have View Project permissions on the configuration's parent project) |
| Create Configuration | Edit configuration, view configuration and all build permissions | Can create new configurations and edit existing configurations, including all build actions. This does not grant access to the configuration security section. (Note: to be able to view/modify a configuration, a user must also have View Project permissions on the configuration's parent project) |
| Delete Configuration | Edit configuration, view configuration and all build permissions | Can delete and edit existing configurations. This does not grant access to the configuration security section. This also includes all build permissions. (Note: to be able to view/modify a configuration, a user must also have View Project permissions on the configuration's parent project) |
| Start Build | Can start builds. (Note: to be able to view builds, a user must also have view configuration permissions on the build's configuration) | |
| Stop Build | Can stop builds. (Note: to be able to view builds, a user must also have view configuration permissions on the build's configuration) | |
| Promote Stage | Can promote a build to the next stage. (Note: to be able to view builds, a user must also have view configuration permissions on the build's configuration) | |
| View/Download Artifacts | Can view and download artifacts generated by a build. (Note: to be able to view builds, a user must also have view configuration permissions on the build's configuration) | |
| Pin/Unpin Build | Can pin and unpin builds. (Note: to be able to view builds, a user must also have view configuration permissions on the build's configuration) | |
| Add Comment | Can add and edit comments to builds. (Note: to be able to view builds, a user must also have view configuration permissions on the build's configuration) | |
| Tag Builds | Can tag builds. (Note: to be able to view builds, a user must also have view configuration permissions on the build's configuration) |
Creating & Editing a Role
The permissions list contains every single permission in Continua grouped by category. All permissions that are selected will be applied to the selected role. If a permission is grayed out, then this permission is being included from another permission. For example, if edit configuration is selected then view configuration will also be selected as view is required to edit.
If a checkbox in the category header is selected then it will automatically check every permission in that category.
Once a role has been created it can then be linked to users and groups in the Access Control section.
Deleting Roles
When a role is deleted, all associated permissions are deleted with it. This means that deleting a role will strip its permissions from any users associated to that role.