Roles and Permissions

In CodeCanvas, you can't grant individual permissions directly to a user. To provide a user with specific permissions, you grant that user a Role which contains those permissions. Read the short overview below.

Overview

Default roles

By default, there are only three roles in CodeCanvas: System Admin, Member, and Namespace Admin.

Custom roles

If the default roles don't meet your needs, you can create a custom role with your own selection of permissions.

System administrator

By default, there is only one user with the System Admin role in CodeCanvas – the one whose credentials you provided during the installation (EKS, GKE. You can add more system administrators if needed.

The System Admin role can't be modified. However, you can create a custom role with your own selection of global permissions.

Ordinary users

Every new user created in CodeCanvas is automatically assigned the Member role.

Namespace administrators

Unlike the System Admin and Member roles, the Namespace Admin role works only within a specific namespace. For example, a user who is a Namespace Admin in one namespace doesn't have any special permissions in another namespace. Learn more about permission scopes

By default, only system administrators can assign the Namespace Admin role to other users. Learn more about access to namespaces

Permission scopes

User permissions in CodeCanvas fall into two categories:

Global permissions — relevant in the global CodeCanvas scope.
Namespace-specific permissions — relevant only within a namespace.

CodeCanvas comes with a number of Default roles (described in the table below). Upon the initial registration, users are automatically assigned the Member role.

Global permissions

Default Role	Description	Note
System Admin	Granted to the users in charge of administering the CodeCanvas installation. Includes all available rights in all areas except for Namespaces.	This System Admin role can't be edited. Instead, the system administrator can create a new Role with a custom set of permissions.
Member	This role is issued by default to all new users in CodeCanvas. It defines the base level of permissions that are available to every member in your organization. Specific permissions that aren't enabled for this role can be granted separately at the namespace level.	This role is permanently assigned to all members and can't be revoked. System Admin can modify the Member role by adding or removing some permissions.

Default Role

Description

Note

System Admin

Granted to the users in charge of administering the CodeCanvas installation. Includes all available rights in all areas except for Namespaces.

This System Admin role can't be edited. Instead, the system administrator can create a new Role with a custom set of permissions.

Member

This role is issued by default to all new users in CodeCanvas. It defines the base level of permissions that are available to every member in your organization. Specific permissions that aren't enabled for this role can be granted separately at the namespace level.

This role is permanently assigned to all members and can't be revoked.

System Admin can modify the Member role by adding or removing some permissions.

Namespace-specific permissions

Default Role	Description	Note
Namespace Admin	By default, only System Admins can assign this role to other users. But if ordinary users with the Member role are granted the Create new namespaces permission, they automatically become Namespace Admins for the namespaces they create. Intended for namespace participants that should be allowed to manage access and configure namespace resources (Git repositories, dev environment templates, etc.).	System Admin can modify the default templates for these roles or create a new template with a different variety of namespace access permissions. The role templates can be then used by Namespace Admins to create roles for their namespaces and assign those roles to their namespace participants.

Default Role

Description

Note

Namespace Admin

By default, only System Admins can assign this role to other users. But if ordinary users with the Member role are granted the Create new namespaces permission, they automatically become Namespace Admins for the namespaces they create.

Intended for namespace participants that should be allowed to manage access and configure namespace resources (Git repositories, dev environment templates, etc.).

System Admin can modify the default templates for these roles or create a new template with a different variety of namespace access permissions. The role templates can be then used by Namespace Admins to create roles for their namespaces and assign those roles to their namespace participants.

Last modified: 02 July 2024