Hub Concepts
This page describes the terminology that we use in Hub.
Users
A user is an account that a person can use to log in to Hub and other connected services. A user account includes the email address and password used as login credentials.
Depending on the type of authentication scheme, user accounts can be:
Created manually.
Imported from connected services.
Created automatically upon login.
Every user account can be assigned one or more roles. The roles define access to Hub and service-specific features. The level of access is determined by the permissions that are assigned to the role. Every user account also belongs to at least one group.
In addition to registered users, there are two default user accounts in Hub:
Username | Description |
---|---|
admin | The default system administrator account. This user can perform any operation in Hub. |
guest | A special user account for unregistered users. This user account grants access without authentication to Hub and other connected services. Guest login is enabled by default. |
For more information, see Users.
Groups
A group is a collection of user accounts. Groups let you manage multiple accounts more efficiently. A group in Hub is used as a resource in a project. You can grant and restrict access to specific features in Hub and other connected services for all group members at once.
As a resource in a project, a group also provides access to other resources in the project. For more information, see Managing Groups.
You can create as many user groups as you need. Each user group can contain any number of user accounts and even other user groups. Each user account can belong to multiple user groups.
All Users is a special user group that is always present in the system. This group contains all registered users. You cannot remove users from this group. A role that is assigned to the All Users group grants default permissions to all system users.
For more information, see Groups.
Roles
A role is a collection of permissions.
When you assign a role to a user account or group, the user or group is granted all the permissions assigned to the role.
In Hub, you can only assign permissions to a role. You cannot grant permissions directly to a user or group.
There are three default roles in Hub:
Observer
Developer
System Admin
You can grant roles to users and groups in a project and assign roles to members of a project team.
In addition to the roles that are specific to Hub, roles are imported from the services that are connected to Hub.
For more information, see Roles.
Permissions
A permission is an authorization that allows to a user to perform a particular operation. In Hub, you can only assign permissions to a role. You cannot grant permissions directly to a user or group.
A role is a collection of permissions that defines access to to Hub and service-specific features.
Permissions in Hub fall into two categories:
Category | Description |
---|---|
Hub permissions | These permissions authorize a user to perform an operation in Hub. For example, create a project or update a resource in a connected service. |
Service-specific permissions | These permissions authorize a user to perform an operation in a connected service. These permissions are usually imported to Hub when the data is synchronized with the service. |
Hub permissions are divided into two subcategories:
Subcategory | Description |
---|---|
Global | These permissions are not dependent upon a specific project. Any user who is assigned a role that contains the permission can perform the operation. For example, a user with permission to create new user accounts can do so without being assigned to a specific group or project. Permissions that are imported from an external service can also be assigned to a role at the global level. |
Per-project | These permissions are granted to users who are assigned to a specific project. Add Role in Project and Read User Group are examples of per-project permissions. |
For more information, see Hub Permissions.
Projects
A project is a collection of resources from Hub and other connected services. Projects let you manage user access to these resources in a single place. For example, a project can contain any of the following resources:
A YouTrack project for issue tracking.
A user group in Hub.
When you assign a user to a project in Hub, the user is able to access all resources in the project.
The global project is a special project that is always present in the system. This project incorporates all of the resources available in Hub.
For more information, see Projects.
Project Teams
The project team is a collection of users and groups who are assigned to a specific project. Each user has access to the resources that are connected to the project. The level of access is determined by the roles that are assigned directly to the team.
Unlike a group, the roles that are granted to the project team are limited in scope to a single project. Groups can be used to grant their members various roles in multiple projects.
Services
A service is any application or external service that can be connected and registered in Hub.
Hub supports connections to the JetBrains team collaboration tools YouTrack and Upsource.
For more information, see Services.
Resources
A resource is an entity provided by a connected service, which can be used as a part of a project. Each service can provide access to different resource types, as shown in the following table.
Service | Resource | Description |
---|---|---|
Hub | Group | Provides group members with access to the resources of a project. |
YouTrack | Project | Provides issue tracking for the project. |
Auth Modules
Auth modules enable authentication for users in external services and applications that are connected to Hub.
For setup instructions, see Auth Modules.