IMPORTANT: This documentation has been discontinued. Read the updated System roles and default groups documentation on our new documentation portal.
What are system roles?
To help with governance and access control, Digibee provides a set of predefined system roles that only Digibee can modify. These roles cover the responsibilities in the Platform in a granular way, so they can be combined to compose group permissions. The sum of all roles gives full access to the Platform.
The system roles follow these archetypes, each applied in its specific context:
Builder: can execute a task from end-to-end.
Viewer: can only read (visualize) tasks and other information, according to the given context.
Publisher: can publish, deploy or make Capsules publicly available.
Manager: has full access to the platform.
The following table shows all system roles and their respective permissions:
Role Name | Permission | ACLs |
Account Manager | Account - read, create, update, delete Audit - read Global - read, create, update, delete Relation - create, read, update, delete User - read Oauth - create, update, delete | ACCOUNT:CREATE ACCOUNT:DELETE ACCOUNT:READ ACCOUNT:UPDATE AUDIT:READ GLOBAL:CREATE GLOBAL:DELETE GLOBAL:READ GLOBAL:UPDATE RELATION:CREATE RELATION:DELETE RELATION:READ RELATION:UPDATE USER:READ OAUTH:CREATE OAUTH:DELETE OAUTH:UPDATE |
Account Viewer | Account - read Audit - read Global - read Relation - read User - read | ACCOUNT:READ AUDIT:READ GLOBAL:READ RELATION:READ USER:READ |
Api Key Manager | API Key - read, create, update, delete, create api key, delete api key Audit - read User - read | APIKEY:CREATE APIKEY:CREATE:ACL APIKEY:CREATE:APIKEY APIKEY:DELETE APIKEY:DELETE:APIKEY APIKEY:READ APIKEY:UPDATE AUDIT:READ USER:READ |
Api Key Viewer | Consumer - read Audit - read User - read | APIKEY:READ AUDIT:READ USER:READ |
Audit Viewer | Audit - read | AUDIT:READ |
Capsule Builder | Account - read Capsule - read, create, update, delete, create group, create header, update header, delete header Global - read Relation - read Test mode - execute | ACCOUNT:READ CAPSULE:CREATE CAPSULE:CREATE:GROUP CAPSULE:CREATE:HEADER CAPSULE:DELETE CAPSULE:DELETE:HEADER CAPSULE:READ CAPSULE:UPDATE CAPSULE:UPDATE:HEADER GLOBAL:READ RELATION:READ TEST-MODE:EXECUTE:CAPSULE |
Capsule Manager | Capsule - read, create, update, delete, create group, update group, delete group, create header, update header, delete header Replica - read Test mode - execute capsule | CAPSULE:CREATE CAPSULE:CREATE:GROUP CAPSULE:CREATE:HEADER CAPSULE:DELETE CAPSULE:DELETE:HEADER CAPSULE:READ CAPSULE:UPDATE CAPSULE:UPDATE:HEADER REPLICA:READ TEST-MODE:EXECUTE:CAPSULE CAPSULE:DELETE:GROUP CAPSULE:UPDATE:GROUP CAPSULE:CREATE:COLLECTION |
Capsule Publisher | Capsule - update publish | CAPSULE:UPDATE:PUBLISH |
Deployment Manager | Configuration - read, create, update Deployment - read, create, update, delete, redeploy User - read list JWT, create generate JWT, delete revoke JWT, read open auth config | CONFIGURATION:CREATE CONFIGURATION:READ CONFIGURATION:UPDATE DEPLOYMENT:CREATE DEPLOYMENT:CREATE:REDEPLOY DEPLOYMENT:DELETE DEPLOYMENT:EXECUTE DEPLOYMENT:READ USER:READ:LIST-JWT USER:CREATE:GENERATE-JWT USER:DELETE:REVOKE-JWT USER:READ:OPEN-AUTH-CONFIG |
Deployment Viewer | Configuration - read Deployment - read | CONFIGURATION:READ DEPLOYMENT:READ |
Global Manager | Global - read, create, update, delete | GLOBAL:CREATE GLOBAL:DELETE GLOBAL:READ GLOBAL:UPDATE |
Global Viewer | Global - read | GLOBAL:READ |
Groups Manager | Group - read, create, update, delete, read permission User - read permission, read inactive permission, update assign group Permission - read | GROUP:CREATE GROUP:READ GROUP:READ:PERMISSION GROUP:UPDATE GROUP:DELETE USER:UPDATE:ASSIGN-GROUP USER:READ:PERMISSION USER:READ:INACTIVE-PERMISSION PERMISSION:READ SAML-GROUP-MAPPING:CREATE SAML-GROUP-MAPPING:READ SAML-GROUP-MAPPING:UPDATE SAML-GROUP-MAPPING:DELETE |
Logs Viewer | Log - read Message - read Stats - read | LOG:READ MESSAGE:READ STATS:READ |
Multi instance Manager | Multi-instance - read, create, update, delete | REPLICA:READ REPLICA:CREATE REPLICA:UPDATE REPLICA:DELETE |
Multi instance Viewer | Multi-instance - read | REPLICA:READ |
Metrics Viewer | Metric - read | METRIC:READ |
Pipeline Builder | Account - read Configuration - read, create, update Consumer - read Global - read Pipeline - read, create, update, read history Project - read Relation - read Replica - read Test mode - execute | ACCOUNT:READ CONFIGURATION:CREATE CONFIGURATION:READ CONFIGURATION:UPDATE APIKEY:READ GLOBAL:READ PIPELINE:CREATE PIPELINE:READ PIPELINE:READ:HISTORY PIPELINE:UPDATE PROJECT:READ RELATION:READ REPLICA:READ TEST-MODE:EXECUTE |
Pipeline Executor | Deployment - execute | DEPLOYMENT:EXECUTE |
Pipeline Manager | Account - read Configuration - read, create, update Consumer - read Global - read Pipeline - read, create, update, delete, read history Project - read, update link with pipeline Relation - read Replica - read Test mode - execute | ACCOUNT:READ CONFIGURATION:CREATE CONFIGURATION:READ CONFIGURATION:UPDATE APIKEY:READ GLOBAL:READ PIPELINE:CREATE PIPELINE:DELETE PIPELINE:READ PIPELINE:READ:HISTORY PIPELINE:UPDATE PROJECT:READ PROJECT:UPDATE:LINK-WITH-PIPELINE RELATION:READ REPLICA:READ TEST-MODE:EXECUTE |
Projects Manager | Audit - read Project - read, create, update, delete, update link with pipeline Permission - read | AUDIT:READ PROJECT:CREATE PROJECT:DELETE PROJECT:READ PROJECT:UPDATE PROJECT:UPDATE:LINK-WITH-PIPELINE PERMISSION:READ |
Relationship Manager | Relationship - read, create, update, delete | RELATION:READ RELATION:CREATE RELATION:UPDATE RELATION:DELETE |
Relationship Viewer | Relationship - read | RELATION:READ |
Roles Manager | Role - read, create, update, delete Permission - read | ROLE:CREATE ROLE:READ ROLE:UPDATE ROLE:DELETE PERMISSION:READ |
Running Executions Manager | Running Execution - read, cancel | INFLIGHT:CANCEL INFLIGHT:READ |
Running Executions Viewer | Running Execution - read | INFLIGHT:READ |
Users Manager | User - read, create, update, delete Permission - read | USER:CREATE USER:DELETE USER:READ USER:UPDATE PERMISSION:READ |
How to use system roles
Go to the Group screen at the settings page, then access an existing group or create a new one. Select the Permissions tab, add a new bond/link, choose one of the system roles and save the record.
If the system roles don’t fully meet your needs, it’s possible to use the Duplicate feature to create a system role copy and modify it.
To do so, go to the Roles screen at the settings page, then access a system role and click on the Duplicate button (the new role’s name will be the same as the original one, plus the "copy" suffix). Modify as needed and save the new role.
Default groups
To make the adoption of system roles even easier, each Realm comes with predefined groups called default groups. These groups are profiles that we believe cover the most common scenarios for the Platform’s users.
Next, we introduce the default groups and their respective system roles:
Developers
The group responsible for building integrations through pipelines, capsules and collections. Includes the following system roles: Pipeline Builder, Capsule Builder, Pipeline Manager and Deployment Viewer.
Deployers
The group responsible for the deployment of pipelines and the management of their execution. Includes the following system roles: Deployment Manager and Deployment Viewer.
Access Managers
The group responsible for data security and access management, such as API keys, tokens, passwords or access permissions on the Platform. Includes the following system roles: Users Manager, Roles Manager, Groups Manager and Projects Manager.
Governance Managers
The group responsible for the organization, standardization and good practices during the integration building process. It ensures the Developers have what they need to work in a scalable and structured manner. Includes the following system roles: Account Viewer, Global Manager, Global Viewer, Capsule Manager, Capsule Publisher, Pipeline Manager, Audit Viewer, Multi instance Manager, Multi instance Viewer, API Key Manager, API Key Viewer, Relationship Manager and Relationship Viewer.
Credential Managers
The group responsible for keeping passwords, client secrets, tokens and API keys safe, up to date and with the proper access permissions. Includes the following system roles: Account Manager and API Key Manager.
Support
The group responsible for analyzing the health and performance of the deployments to offer operational support or to make business decisions. Includes the following system roles: Pipeline Logs Viewer, Pipeline Metrics Viewer, Running Executions Manager, Running Executions Viewer and Pipeline Executor.
How to use default groups
Access the Groups screen, select a default group and associate users. The default groups can be modified or deleted. If you have a group missing, it could be because a Realm’s user deleted it. In this case you can contact the support team to request new pre-defined groups.
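A least-privilege review of the Developers and Deployers default groups, using the ACLs from the role table above. This is an added example, not Digibee code: it computes each group's effective ACL set, flags roles fully covered by another role in the same group, and lists what each role uniquely contributes. The function names are illustrative, and it assumes a group's permissions are the union of its roles' ACLs.

```python
# ACL strings copied from the role table above (only the roles bound to the
# Developers and Deployers default groups).
_TABLE = {
    "Pipeline Builder": """ACCOUNT:READ CONFIGURATION:CREATE CONFIGURATION:READ
        CONFIGURATION:UPDATE APIKEY:READ GLOBAL:READ PIPELINE:CREATE
        PIPELINE:READ PIPELINE:READ:HISTORY PIPELINE:UPDATE PROJECT:READ
        RELATION:READ REPLICA:READ TEST-MODE:EXECUTE""",
    "Pipeline Manager": """ACCOUNT:READ CONFIGURATION:CREATE CONFIGURATION:READ
        CONFIGURATION:UPDATE APIKEY:READ GLOBAL:READ PIPELINE:CREATE
        PIPELINE:DELETE PIPELINE:READ PIPELINE:READ:HISTORY PIPELINE:UPDATE
        PROJECT:READ PROJECT:UPDATE:LINK-WITH-PIPELINE RELATION:READ
        REPLICA:READ TEST-MODE:EXECUTE""",
    "Capsule Builder": """ACCOUNT:READ CAPSULE:CREATE CAPSULE:CREATE:GROUP
        CAPSULE:CREATE:HEADER CAPSULE:DELETE CAPSULE:DELETE:HEADER CAPSULE:READ
        CAPSULE:UPDATE CAPSULE:UPDATE:HEADER GLOBAL:READ RELATION:READ
        TEST-MODE:EXECUTE:CAPSULE""",
    "Deployment Manager": """CONFIGURATION:CREATE CONFIGURATION:READ
        CONFIGURATION:UPDATE DEPLOYMENT:CREATE DEPLOYMENT:CREATE:REDEPLOY
        DEPLOYMENT:DELETE DEPLOYMENT:EXECUTE DEPLOYMENT:READ USER:READ:LIST-JWT
        USER:CREATE:GENERATE-JWT USER:DELETE:REVOKE-JWT
        USER:READ:OPEN-AUTH-CONFIG""",
    "Deployment Viewer": "CONFIGURATION:READ DEPLOYMENT:READ",
}
ROLES = {name: frozenset(acls.split()) for name, acls in _TABLE.items()}
GROUPS = {  # role bindings as listed in the "Default groups" section
    "Developers": ["Pipeline Builder", "Capsule Builder", "Pipeline Manager",
                   "Deployment Viewer"],
    "Deployers": ["Deployment Manager", "Deployment Viewer"],
}

def effective_acls(group):
    """Union of the ACLs of every role bound to the group (assumed model)."""
    return frozenset().union(*(ROLES[r] for r in GROUPS[group]))

def redundant_roles(group):
    """Map each role to a role in the same group that strictly contains it."""
    roles = GROUPS[group]
    return {r: o for r in roles for o in roles
            if r != o and ROLES[r] < ROLES[o]}

def unique_grants(group):
    """Per role, the ACLs the group would lose if only that role were removed."""
    roles = GROUPS[group]
    return {r: ROLES[r] - frozenset().union(*(ROLES[o] for o in roles if o != r))
            for r in roles}

if __name__ == "__main__":
    for g in GROUPS:
        print(g, len(effective_acls(g)), redundant_roles(g))
        for role, acls in unique_grants(g).items():
            print("   ", role, "->", sorted(acls))
```

Run against a duplicated or customized group, the same check shows which role bindings can be dropped without changing access and which single binding carries the delete or token-management ACLs.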