Skip to main content
Version: 8 - Apfelstrudel

Default roles

This project contains some default roles for different identities and usecases.

Provided roles:

  • User: A role which allows basic access to the UI.
  • Developer
  • Operator
  • Admin
  • Webhook
  • Schedule
  • Git Sync
  • Sync Config

Release Notes:

2023-10-03 adjust rights of developer role

2023-02-15 initial release

Download

Download the bundle using the Bundle Manager.

Included resources

Admin

A role for admins. Allows access to everything, it is recommended to assign this role sparingly and instead use roles with narrower sets of permissions where possible.

Developer

A role for developers. It allows creating of executions, flows and other resources needed to effectively develop an automation. It does not allow creating of connectors or other resources which grant access to cloudomation.

Git Sync

Since it is possible to synchronize nearly everything via import files, this role allows to create nearly everything. Only a few resources are not allowed like Users and Executions. When assigning this role to an identity make sure to set propagate=False, otherwise all identities created by that identity will have nearly unrestricted access to your system.

Operator

A role for operators. It grants permission to create resources and identities which grant access to cloudomation, like sync configs, webhooks and git configs.

Schedule

A role which every schedule needs. This role is intended to be mapped to a schedule with the flag propagate=False. Executions created by that schedule will thus not have this role. Any roles intended for created executions should be given to the schedule with propagate=True. Permissions are not restricted on a specific project.

Sync Config

A role which every sync config needs. This role is intended to be mapped to a sync config with the flag propagate=False. Executions created by that sync config will thus not have this role. Any roles intended for created executions should be given to the sync config with propagate=True. Permissions are not restricted on a specific project.

User

A user role which allows basic access to the UI.

Webhook

A role which every webhook needs. This role is intended to be mapped to a webhook with the flag propagate=False. Executions created by that webhook will thus not have this role. Any roles intended for created executions should be given to the webhook with propagate=True. Permissions are not restricted on a specific project.