Help Center> CodeArts Pipeline> User Guide> Permissions> Tenant-level Permissions
Updated on 2023-11-28 GMT+08:00
View PDF

Tenant-level Permissions

An administrator can use IAM to configure tenant-level rules, tenant-level policies, extensions, and pipeline templates for specified users.

Configuration Method

  1. Use a tenant account or another authorized account to log in to CodeArts. Click the avatar in the upper right corner and choose IAM to access the IAM console.
  2. In the navigation pane, choose User Groups. On the displayed page, create a user group or select an existing user group, and click Authorize.

    Select Pipeline service to view the following policies:

    Policy Name

    Description

    CloudPipeline Tenant Rules FullAccess

    Controls whether a user has full permissions for tenant-level rules of CodeArts Pipeline.

    CloudPipeline Tenant Rule Templates FullAccess

    Controls whether a user has full permissions for tenant-level policies of CodeArts Pipeline.

    CloudPipeline Tenant Extensions FullAccess

    Controls whether a user has full permissions for extensions of CodeArts Pipeline.

    CloudPipeline Tenant Pipeline Templates FullAccess

    Controls whether a user has full permissions for templates of CodeArts Pipeline.
  3. Select the required policy, click Next, and set the minimum authorization scope for the user group.
  4. Add a specified user to a user group through user authorization or user group management.

In addition to system-defined policies, tenants can also create custom policies to grant permissions.

Policy Management

Log in to CodeArts, click the avatar in the upper right corner, choose All Account Settings > Policy Management, and view Rules and Policies.

  • In IAM, rule and policy settings correspond to permissions cloudpipeline:rule:update and cloudpipeline:ruletemplate:update respectively. An administrator can use the built-in system-defined policies CloudPipeline Tenant Rules FullAccess and CloudPipeline Tenant Rule Templates FullAccess to authorize them in a unified manner or customize policies to authorize them separately.
  • Common users under a tenant can view all data after choosing Policy Management > Rules. Authorized users can view and manage all tenant-level rules.
  • Common users under a tenant can view all data after choosing Policy Management > Policies. Authorized users can view and manage all tenant-level policies.

Extensions

Log in to CodeArts and choose Services > Extensions.

  • The extension permission corresponds to cloudpipeline:extensions:update in IAM. An administrator can use system-defined policies CloudPipeline Tenant Extensions FullAccess or custom policies to authorize users.
  • Common users of a tenant can view all extensions on the page. Authorized users can view and manage all extensions of the tenant.

Pipeline Templates

Log in to CodeArts, choose Services > Pipeline, and click Templates.

  • The pipeline template permission corresponds to cloudpipeline:pipelinetemplate:update in IAM. An administrator can use system-defined policies CloudPipeline Tenant Pipeline Templates FullAccess or custom policies to authorize users.
  • Common users of a tenant can create templates and view all templates. However, they can manage only the templates created by themselves. Authorized users can view and manage all templates of the tenant.
Parent topic: Permissions