YouTrack Standalone 2017.3 Help

Hub Permissions

A permission is an authorization granted to a user to perform particular operations. Permissions are granted to a user within a role, but not directly.

A role is a set of permissions which defines the level of access for a user to particular functionality and operations.

Permissions for the Hub application are divided in two categories:

  • Global permissions are granted at the global scope and do not depend on a specific project. For example, you cannot grant permission to create user accounts in a single project, you can do it only in the system-wide scope. Global permissions are marked with the globe icon (iconGlobe) in the list of permissions.

  • Per-project permissions allow actions related to a specific project. Read Project or Read User Group are examples of such permissions.

The following permissions are used by the built-in Hub service to regulate access to administrative actions.

Generic Permissions

The following permissions are not related to specific entities in the system. These permissions are available at the global level.

Permission

Description

Low-level Administration iconGlobe

Manage low-level administrative actions. Includes permission to integrate with third-party services and back up the database.

Low-level Read Administration iconGlobe

Read-only access to low-level administrative settings. Includes permission to view integrations with third-party services and metrics.

Authentication Module

The following permissions grant access to authentication module-related actions. These permissions are all available at the global level.

Permission

Description

Create Auth Module iconGlobe

Add and enable a new authentication module.

Delete Auth Module iconGlobe

Delete authentication modules.

Read Auth Module iconGlobe

View the list of authentication modules. View the properties of an authentication module.

Update Auth Module iconGlobe

Modify the properties of an authentication module.

The following permissions grant access to project-related actions.

Permission

Description

Create Project iconGlobe

Create a new project.

Delete Project

Delete projects.

Read Project

View project properties and content. List project resources. This permission is required (with Read Role) to read the project roles of a user, group, or service.

Update Project

Edit the properties and content of a project. Add and remove resources.

The following permissions grant access to actions that link projects and roles. These permissions are all available at the per-project level.

Permission

Description

Add Role in Project

Assign a role to a user, group, or service the role in the project.

Remove Role in project

Remove the role assignment from a user, group, or service in the project.

The following permissions grant access to role-related actions. These permissions are all available at the global level.

Permission

Description

Create Role iconGlobe

Create a new role.

Delete Role iconGlobe

Delete roles.

Read Role iconGlobe

View the list of roles. View the set of permissions assigned to a role. This permission is required (with Read Project) to read the project roles of user, group, or service.

Update Role iconGlobe

Modify the properties of and set of permissions assigned to a role.

The following permissions grant access to service-related actions. These permissions are all available at the global level.

Permission

Description

Create Service iconGlobe

Register a new service.

Delete Service iconGlobe

Delete services.

Read Service iconGlobe

View the list of services. View the properties of a service. View service resources, permissions, and default roles.

Update Service iconGlobe

Modify the properties of a service. Create, update, or delete the resources, permissions, and default roles for a service.

The following permissions grant access to user-related actions. These permissions all available at the global level.

Permission

Description

Create User iconGlobe

Register new users. Invite new users.

Delete User iconGlobe

Delete user accounts.

Read Self iconGlobe

Same as Read User, but only for the current user account.

Read User iconGlobe

View the list of registered user accounts. Read user authorization details. This permission is required (with Update Group) to modify group membership for another user account.

Update Self iconGlobe

Same as Update User, but only for the current user account.

Update User iconGlobe

Edit the user name. Edit, create, or delete user profile data. Ban and merge user accounts.

The following permissions grant access to group-related actions. User groups are used as resources in a project. These permissions are all available at the per-project level.

Permission

Description

Create User Group

Create new user groups.

Delete User Group

Delete user groups.

Read User Group

View the list of user groups. View group properties. This permission is required (with Read User Group permission for the subgroup) to view subgroups. Required in combination with Read User to view the members of a group.

Update User Group

Modify the properties of a user group. Required in combination with Update User Group for parent and child groups to add or remove subgroups. Required in combination with Read User to modify group memberships.

Last modified: 7 March 2019