Roles
Roles are only used during process execution (importing artifacts and deploying). They are intended to manage a user's authorization to execute certain procedures during an import or deployment process or assign a task. users with roles can be kept informed via notifications during process execution in order to be able to make decisions correctly.
Having a certain role does not automatically mean that a user is required to do something during process execution because multiple users can be assigned the same role. However in order to carry out certain actions, like executing a deployment process, a user must be assigned the role that authorizes him to do so.
The DROPS entities involved in process execution and therefore those to which roles must be assigned are:
- applications
- releases
- clients (if multi-client mode is activated)
- environments, environment groups and environment types
- infrastructure items
- deployment plans
Each individual instance of an entity can have different users assigned to it depending on the needs of your organization.
Two different environments may be managed by two different people because deploying to a production environment might only be done by a manager, while deploying to a test environment could be done by a developer.
However, roles can also be defined globally. Assigning a role to all instances of an entity instead of just one or several enables a user to play the same role for every entity.
A manager with a team of 3 people may be granted global access to all applications in order to oversee all the individual applications his team creates. Each of the three teammates may only need to import artifacts for the application(s) they are in charge of, but not the others. The manager's role is assigned on the global level by an admin using the Generic Roles menu in the Preferences menu while the team's roles are assigned in the individual application(s) from the Roles view.
In terms of authorization, there is no overlap between roles and rights. However, it is important to carefully assign rights that correspond to an entity to a user’s profile so that when he is assigned a role his access is unrestricted.
Roles are used to authorize users to perform actions involved in the import or deployment processes while rights are used to grant authorization to create, access and/or modify the entities involved in the processes.
If a user has the Repository Manager role for an application and has the right to view applications but does not have the right to edit them, all applications will be read-only. The user can still carry out the processes associated with the application because of their Repository Manager role, such as importing artifacts, but he cannot manage the release number version for the application because his application editing rights are restricted.
The following table lists the entities to which roles are available for each entity and for what a user with that role is responsible. The rights required for each role are also indicated by category.
For more information about assigning roles at the entity-level, refer to Assigning entity-level roles.
For more information about assigning roles at the global-level, refer to Assigning global-level roles.
For more information about creating and managing profiles and rights, refer to
For more information about creating DROPS users, refer to User accounts.