Help Center/ CodeArts Pipeline/ User Guide/ Configuring Pipeline Permissions/ Tenant-level Permissions
Updated on 2024-05-29 GMT+08:00
View PDF

Tenant-level Permissions

An administrator can use IAM to configure permissions on tenant-level rules, tenant-level policies, extensions, and pipeline templates for specified users.

Configuration Method

  1. Use a tenant account or another authorized account to log in to CodeArts. Click the avatar in the upper right corner and choose IAM to access the IAM console.
  2. In the navigation pane on the left, choose User Groups. On the displayed page, create a user group or select an existing user group, and click Authorize.

    Select the CodeArts Pipeline service to view policies, as shown in the following table.

    Policy Name

    Description

    CloudPipeline Tenant Rules FullAccess

    Full permissions on tenant-level rules of CodeArts Pipeline.

    CloudPipeline Tenant Rule Templates FullAccess

    Full permissions on tenant-level policies of CodeArts Pipeline.

    CloudPipeline Tenant Extensions FullAccess

    Full permissions on extensions of CodeArts Pipeline.

    CloudPipeline Tenant Pipeline Templates FullAccess

    Full permissions on templates of CodeArts Pipeline.
  3. Select the required policy, click Next, and set the minimum authorization scope for the user group.
  4. Add a specified user to a user group through user authorization or user group management.

In addition to system-defined policies, tenants can also create custom policies to grant permissions.

Policy Management

Log in to CodeArts, click the avatar in the upper right corner. Choose All Account Settings > Policy Management to manage Rules and Policies.

  • Permissions on rules and policies correspond to cloudpipeline:rule:update and cloudpipeline:ruletemplate:update in IAM respectively. An administrator can use system-defined policies CloudPipeline Tenant Rules FullAccess and CloudPipeline Tenant Rule Templates FullAccess to authorize them in a unified manner or customize policies to authorize them separately.
  • Common users can choose Policy Management > Rules to view all rules. Authorized users can view and manage all tenant-level rules.
  • Common users can choose Policy Management > Policies to view all policies. Authorized users can view and manage all tenant-level policies.

Extensions

Log in to CodeArts and choose Services > Extensions.

  • Permission on extensions corresponds to cloudpipeline:extensions:update in IAM. An administrator can use system-defined policy CloudPipeline Tenant Extensions FullAccess or custom policies to authorize users.
  • Common users can view all extensions on the extension page. Authorized users can view and manage all extensions of a tenant.

Pipeline Templates

Log in to CodeArts, choose Services > Pipeline, and click Templates.

  • Permission on pipeline templates corresponds to cloudpipeline:pipelinetemplate:update in IAM. An administrator can use system-defined policy CloudPipeline Tenant Pipeline Templates FullAccess or custom policies to authorize users.
  • Common users can create and view templates. However, they can manage only the templates created by themselves. Authorized users can view and manage all templates of the tenant.