Overview of roles on all levels

| Level | Role | Used by | Purpose |
|---|---|---|---|
| Customer area | Reader | All customer area members. | Grants read-only access to the customer area. Basic role to access the customer area. |
| | User | All customer area members. This is assigned automatically when a person joins any project. | Grants read-only permissions to get into the proper customer area and the ability to create own project. |
| | Admin | Customer key persons | Grants the ability to add/remove users in the customer area (removing is usually used when an employee leaves the company). |
| | Owner | Customer key persons | Grants the ability to change roles for users, plus approval capabilities (buying licenses, approving raising of resource limits). |
| | Billing | Company accountants, ICT managers | Grants access to billing capabilities and details. |
| Project | Reader | All project members. | Grants read-only access to the portal project. Basic role to access the portal project. |
| | User | Usually standard users | Grants the ability to add/remove servers. |
| | Admin | Usually senior or lead team members | Grants the ability to add/remove servers and SaaS entities (Jira projects, Confluence spaces, Bitbucket repositories). |
| | Owner | Usually project managers | Grants the ability to add/remove users and change roles for users, plus approval capabilities such as buying licenses and requesting/approving raising of resource limits. |
| | Billing | Project accountants, project managers | Grants access to billing capabilities and details. |
| Application | Reader | Not available for end-users. Granted automatically based on the user's membership of some application entities. | Usually gives the ability to log in to the application and reserves a license where applicable. This is managed automatically by TDS; no action is required from end-users. |
| | User | Not available for end-users. Granted automatically based on the user's membership of some application entities. | Usually gives the ability to log in to the application and reserves a license where applicable. This is managed automatically by TDS; no action is required from end-users. |
| | Administrator | Not available for end-users. Used by customer administrators only. | Reserved for customer administrators so that they can manage SaaS applications with partial administrator permission. |
| Application entities | Reader | Usually project customers, collaborators or, for example, employees with access to some shared documentation. This role is granted automatically to any new member of an entity. | Usually grants read-only access and comments on the particular entity (differs by application type). Basic access to the entity. |
| | User | Roughly 90% of users: developers, technical specialists... | Read-write access to the particular entity (differs by application type). |
| | Admin | Usually senior developers, project managers. | Managing various things in the entity (differs by application type). |

How role management works in TDS:

  • There is no inheritance of roles between the portal, area, project and entities/servers/applications levels.
  • On the project level, "mass user management" functionality is available, which allows synchronising user roles from the project level to the application entities level. This substitutes for inheritance where necessary but still gives granularity to projects that need it.
  • For security and convenience reasons, removing a user from the lowest role on a particular level automatically removes him from all higher roles on that level. For example, removing someone from the user role also removes him from the admin role.

Customer area roles

Permissionsreader

owner

admin

billing

user

List projects member of



X
Create Project



X
List users in CA



X
Add user to CA

X

Delete user from CA

X

Set and change roles

 X




List invitations*

X

View billing



X

*Only Portal admin can delete an invitation.

Project roles



 
reader

owner

admin

billing

user

Dashboard




View dashboard



X
View/edit favorite objects



X
Create/edit/delete sticker

X

SaaS




List services



X
Create/delete service

X

View service detail



X
List service users



X
Add/remove service user

X

Change service users roles

X

Servers




List servers



X
View server detail (connections, apps)



X
Create/delete server

X
X
Change server state

X

Change server capacity

X

Enable/disable server backup

X

List server backups



X
List server usage



X
List server logs



X
List server users



X
Add/remove server user

X

Change server user role

X

Applications




List applications



X
View application detail



X
Create/delete application

X

Detail




View detail





X
Modify project properties

X

Manage service account

X

Resources




View resources



X
Create/request resources

X

Usage




View usage



X
Logs




View logs



X
Network




View security groups/rules



X
Add/modify security groups/rules

X

Storage




View storage



X
Users




Add/invite/remove user to/from project

X

View users in project



X
Change user roles
X


User Detail

X

Billing




View billing


X

The Reader role is inherited by all other roles. The Admin role inherits from the User role.

Only the Portal admin (tdsadmin) role has access to the Admin section, and it additionally sees a few more folders/buttons in the Portal (Retrigger button in Project/Server/Settings).

Application roles

In SaaS applications there are no application roles available for standard users; those are reserved for TDS administrators only.

Roles available for standard users can be found in the Application entities roles chapter below.

Application entities roles

Notes

  • x - means that the particular role has the particular permission(s)
  • green colour - shows what permissions each person gets when roles are assigned as designed (whatever role, including all lower roles)
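| Application | Permissions | Reader | User | Admin |
|---|---|---|---|---|
| General | read access | x | | |
| | comments possibilities | x | | |
| | write access | | x | |
| | administration access | | | x |
| Jira project | view issues | x | | |
| | comment issues | x | | |
| | editing issues | | x | |
| | moving issues between workflow steps | | x | |
| | editing own comments | | x | |
| | managing issues | | | x |
| | managing versions | | | x |
| | managing components | | | x |
| | managing project workflows | | | x |
| Confluence space | view pages | x | | |
| | comment pages | x | | |
| | editing pages | | x | |
| | moving pages | | x | |
| | editing own comments | | x | |
| | managing pages | | | x |
| | managing templates | | | x |
| | deleting anyone's comments | | | x |
| Gitlab project/repository | view code | x | | |
| | committing code | | x | |
| | creating merge requests | | x | |
| | approving merge requests | | | x |
| Artifactory repository | read repository | x | | |
| | write into repository (annotate, deploy, cache, delete/overwrite) | | x | |
| | manage repository | | | x |
| SeedDMS folder | read access to folder | x | | |
| | write access to folder | | x | |
| | manage folder | | | x |
| Subversion repository | view code | x | | |
| | committing code | | x | |
| Bitbucket repository | Read | x | | |
| | Write | | x | |
| | Admin | | | x |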

Server roles

Notes

  • x* - means that it requires an additional check on "server roles"
  • x** - means that "Server Admin" can manage server user roles up to his role hierarchy; in other words, he cannot assign/delete the "Server Owner" role

area adminarea ownerproject userproject adminproject ownerserver userserver adminserver owner/creator
Create serverxxxxx


Delete serverxx

x*

xx

x
Add user to serverxxx*xx

x**

x
Remove user from serverxxx*xx

x**

x
Change server user rolexxx*xx

x**

x
Change server state
(start, stop, ...)
xxx*xx
xx
Change server capacityxxx*xx
xx
Server backups
(enabling, disabling)
xxx*xx
xx

In short:

  • Server Owner has more privileges than Server Admin, but mostly in the hardware management area: he can delete the server and change server capacity.
  • Server Admin is able to manage user roles on the server, but only for users that are up to his role hierarchy: Server Admin cannot manage Server Owners.
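
The cascade rule from "How role management works in TDS" and the x** restriction on Server Admin can be modelled and audited as shown here. This is an added example, not TDS code: the function names, the sample data, and the assumption that a holder of a higher server role also holds the lowest one are all illustrative.

```python
# Added example: all names below are assumptions, not TDS identifiers.
# Server-level roles, lowest to highest, as in the Server roles table.
SERVER_ROLES = ["user", "admin", "owner"]
RANK = {role: i for i, role in enumerate(SERVER_ROLES)}


def remove_role(held, role):
    """Roles left on one level after removing `role`.

    Removing the lowest role strips every higher role on that level too.
    """
    if role == SERVER_ROLES[0]:
        return set()
    return set(held) - {role}


def may_change_role(actor_roles, target_role):
    """Decide a role change from the actor's server roles alone.

    Server Owner manages every server role; Server Admin only roles up to
    his own level (x** in the table, read as inclusive), never Server Owner.
    """
    if not actor_roles:
        return False
    top = max(RANK[r] for r in actor_roles)
    if top == RANK["owner"]:
        return True
    if top == RANK["admin"]:
        return RANK[target_role] <= RANK["admin"]
    return False  # Server User: no user-management mark in the table


def audit(assignments):
    """Logins holding a higher role without the lowest one.

    The cascade rule should make this state impossible, so a hit points to
    a broken sync or a change made outside the portal.
    """
    lowest = SERVER_ROLES[0]
    return sorted(login for login, roles in assignments.items()
                  if roles and lowest not in roles)


# Constructed sample data: server role assignments keyed by login.
SAMPLE = {"alice": {"user", "admin", "owner"}, "bob": {"user", "admin"},
          "carol": {"admin"}, "dave": set()}

if __name__ == "__main__":
    print(remove_role(SAMPLE["bob"], "user"))       # cascade on lowest role
    print(may_change_role(SAMPLE["bob"], "owner"))  # admin acting on owner
    print(audit(SAMPLE))                            # orphaned higher roles
```

The checks cover server-level roles only; permissions that area and project roles grant on servers, including the x* case, are outside this model.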