Hub 2017.1 Help

Hub Permissions

A permission is an authorization granted to a user to perform particular operations. Permissions are granted to a user within a role, but not directly.

A role is a set of permissions which defines the level of access for a user to particular functionality and operations.

Permissions in Hub are divided in two categories:

  • Global permissions are granted at the global scope and do not depend on a specific project. For example, you cannot grant permission to create user accounts in a single project, you can do it only in the system-wide scope. Global permissions are marked with the globe icon (/help/img/hub/2017.1/iconGlobe.png) in the list of permissions.
  • Per-project permissions allow actions related to a specific project. Read Project or Read User Group are examples of such permissions.

The following permissions are built into Hub and regulate access to Hub administration.

Project-related Permissions

The following permissions grant access to project-related actions.

PermissionDescription
Create Project /help/img/hub/2017.1/iconGlobe.pngCreate a new project.
Read ProjectView project properties and content. List project resources. This permission is required (with Read Role) to read the project roles of a user, group, or service.
Update ProjectEdit the properties and content of a project. Add and remove resources.
Delete ProjectDelete projects.

Role-related Permissions

The following permissions grant access to role-related actions. These permissions are all available at the global level.

PermissionDescription
Create Role /help/img/hub/2017.1/iconGlobe.pngCreate a new role.
Read Role /help/img/hub/2017.1/iconGlobe.pngView the list of roles. View the set of permissions assigned to a role. This permission is required (with Read Project) to read the project roles of user, group, or service.
Update Role /help/img/hub/2017.1/iconGlobe.pngModify the properties of and set of permissions assigned to a role.
Delete Role /help/img/hub/2017.1/iconGlobe.pngDelete roles.

Project Role-related Permissions

The following permissions grant access to actions that link projects and roles. These permissions are all available at the per-project level.

PermissionDescription
Add Role in ProjectAssign a role to a user, group, or service the role in the project.
Remove Role in projectRemove the role assignment from a user, group, or service in the project.

User-related Permissions

The following permissions grant access to user-related actions. These permissions all available at the global level.

PermissionDescription
Create User /help/img/hub/2017.1/iconGlobe.pngRegister new users. Invite new users.
Read User /help/img/hub/2017.1/iconGlobe.pngView the list of registered user accounts. Read user authorization details. This permission is required (with Update Group) to modify group membership for another user account.
Update User /help/img/hub/2017.1/iconGlobe.pngEdit the user name. Edit, create, or delete user profile data. Ban and merge user accounts.
Delete User /help/img/hub/2017.1/iconGlobe.pngDelete user accounts.
Read Self /help/img/hub/2017.1/iconGlobe.pngSame as Read User, but only for the current user account.
Update Self /help/img/hub/2017.1/iconGlobe.pngSame as Update User, but only for the current user account.

Group-related Permissions

The following permissions grant access to group-related actions. User groups are used as resources in a project. These permissions are all available at the per-project level.

PermissionDescription
Create User GroupCreate new user groups.
Read User GroupView the list of user groups. View group properties. This permission is required (with Read User Group permission for the subgroup) to view subgroups. Required in combination with Read User to view the members of a group.
Update User GroupModify the properties of a user group. Required in combination with Update User Group for parent and child groups to add or remove subgroups. Required in combination with Read User to modify group memberships.
Delete User GroupDelete user groups.

Service-related Permissions

The following permissions grant access to service-related actions. These permissions are all available at the global level.

PermissionDescription
Create Service /help/img/hub/2017.1/iconGlobe.pngRegister a new service.
Read Service /help/img/hub/2017.1/iconGlobe.pngView the list of services. View the properties of a service. View service resources, permissions, and default roles.
Update Service /help/img/hub/2017.1/iconGlobe.pngModify the properties of a service. Create, update, or delete the resources, permissions, and default roles for a service.
Delete Service /help/img/hub/2017.1/iconGlobe.pngDelete services.

Auth Module-related Permissions

The following permissions grant access to authentication module-related actions. These permissions are all available at the global level.

PermissionDescription
Create Auth Module /help/img/hub/2017.1/iconGlobe.pngAdd and enable a new authentication module.
Read Auth Module /help/img/hub/2017.1/iconGlobe.pngView the list of authentication modules. View the properties of an authentication module.
Update Auth Module /help/img/hub/2017.1/iconGlobe.pngModify the properties of an authentication module.
Delete Auth Module /help/img/hub/2017.1/iconGlobe.pngDelete authentication modules.

Generic Permissions

The following permissions are not related to specific entities in the system. These permissions are available at the global level.

PermissionDescription
Low-level Administration /help/img/hub/2017.1/iconGlobe.pngManage low-level administrative actions. Includes permission to integrate with third-party services and back up the database.
Low-level Read Administration /help/img/hub/2017.1/iconGlobe.pngRead-only access to low-level administrative settings. Includes permission to view integrations with third-party services and metrics.
Last modified: 6 April 2017