Roles and Permissions
In CodeCanvas, you can't grant individual permissions directly to a user. To provide a user with specific permissions, you grant that user a Role which contains those permissions. Read the short overview below.
Overview
- Default roles
By default, there are only three roles in CodeCanvas: System Admin, Member, and Namespace Admin.
- Custom roles
If the default roles don't meet your needs, you can create a custom role with your own selection of permissions.
- System administrator
By default, there is only one user with the System Admin role in CodeCanvas – the one whose credentials you provided during the installation (EKS, GKE. You can add more system administrators if needed.
The System Admin role can't be modified. However, you can create a custom role with your own selection of global permissions.
- Ordinary users
Every new user created in CodeCanvas is automatically assigned the Member role.
- Namespace administrators
Unlike the System Admin and Member roles, the Namespace Admin role works only within a specific namespace. For example, a user who is a Namespace Admin in one namespace doesn't have any special permissions in another namespace. Learn more about permission scopes
By default, only system administrators can assign the Namespace Admin role to other users. Learn more about access to namespaces
Permission scopes
User permissions in CodeCanvas fall into two categories:
Global permissions — relevant in the global CodeCanvas scope.
Namespace-specific permissions — relevant only within a namespace.
CodeCanvas comes with a number of Default roles (described in the table below). Upon the initial registration, users are automatically assigned the Member role.
Global permissions
Default Role | Description | Note |
---|---|---|
System Admin | Granted to the users in charge of administering the CodeCanvas installation. Includes all available rights in all areas except for Namespaces. | This System Admin role can't be edited. Instead, the system administrator can create a new Role with a custom set of permissions. |
Member | This role is issued by default to all new users in CodeCanvas. It defines the base level of permissions that are available to every member in your organization. Specific permissions that aren't enabled for this role can be granted separately at the namespace level. | This role is permanently assigned to all members and can't be revoked. System Admin can modify the Member role by adding or removing some permissions. |
Namespace-specific permissions
Default Role | Description | Note |
---|---|---|
Namespace Admin | By default, only System Admins can assign this role to other users. But if ordinary users with the Member role are granted the Create new namespaces permission, they automatically become Namespace Admins for the namespaces they create. Intended for namespace participants that should be allowed to manage access and configure namespace resources (Git repositories, dev environment templates, etc.). | System Admin can modify the default templates for these roles or create a new template with a different variety of namespace access permissions. The role templates can be then used by Namespace Admins to create roles for their namespaces and assign those roles to their namespace participants. |