Help Center/ CodeArts Build/ Best Practices/ Configuring Role-based Permissions Before Using CodeArts Build
Updated on 2025-09-08 GMT+08:00

Configuring Role-based Permissions Before Using CodeArts Build

Background

  • Data security: Permissions management prevents unauthorized access to sensitive data, mitigating risks of data leakage, tampering, or misuse. For example, financial records should be accessible only to finance staff and administrators.
  • Misoperation prevention: Permissions limit users to actions within their defined responsibilities. By granting users only the permissions required for their tasks, you reduce the likelihood of system or data errors caused by unintended operations.
  • Accountability and auditability: Clear permission boundaries define user responsibilities and make it easy to track operations, supporting follow-up audits or troubleshooting. For instance, system logs can record who modified specific data and when.
  • Efficient management: Centralized role management streamlines permission assignment, avoids "all-access" configurations, keeps permission structures rational, and reduces administrative overhead. For example, you can assign permissions to a role once, then apply that role to multiple users.
  • Regulatory compliance: Many industries, such as finance and healthcare, must meet strict standards like General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA). Proper permissions management is essential for meeting these requirements and avoiding compliance violations.
  • Multi-level collaboration: In large systems, permissions management enable collaboration across multiple roles, such as project administrators, product managers, developers, testers, and viewers, ensuring each role has the right level of access for efficient, secure operations.

    Permissions management is essential to product design. It strikes the right balance between functionality and security, forming the foundation for stable system operations.

Solution

In this section, you learn how to leverage role-based access control (RBAC) to establish fine-grained permission management for custom workflows in a traditional enterprise.

Table 1 Roles involved in this example

Project Member

Role

Responsibility

Sarah

Project manager

Creates projects, sets up project teams, and configures roles and permissions for members.

Jack

Operation manager

Acts as a build engineer to manage and standardize build tasks.

Maggie

Developer

Develops, builds, and debugs code.

Mary

Tester

Tests and verifies build tasks.

Lucy

Viewer

Examines build tasks' execution details.

Preparing for the Practice

  • Ensure that the project owner has registered a HUAWEI ID and enabled Huawei Cloud services. For details, see Signing Up for a HUAWEI ID and Enabling Huawei Cloud Services.
  • Ensure that the project owner has created IAM users for project members. For details, see Creating an IAM User.
  • Purchase CodeArts Pro (or higher edition).
    • Purchasing a CodeArts package
      1. Go to the Buy CodeArts Package page.
      2. Select the Pro edition, retain the default value for Users, set Required Duration to 1 month, agree to the statement, and click Next.
      3. Confirm the order and click Pay.
      4. Follow the prompts to complete the payment.
      5. Check the subscription record on the CodeArts page.

Creating Resources In Advance

  • Ensure that the project manager has created a Scrum project named test. For details, see Creating a CodeArts Project.
  • Ensure that the project manager has created a code repository (test_repo) from the template Java Maven Demo. For details, see Creating a Repository Using a Template.

    Creating a code repository requires permissions on CodeArts Repo. For details, see Purchasing CodeArts Repo. If you already have an active subscription to CodeArts, you do not need to purchase a separate CodeArts Repo package.

  • Ensure that the project manager has created a build task that is named test_task and uses test_repo as the code source. For details, see Defining a Build Task on GUI.

Adding Project Members

Sarah (project owner) creates accounts for team members and adds them to the project. Project members can be added in batches. For details, see How Do I Create Accounts for Multiple CodeArts Users?

Project Member

Role

Responsibility

Sarah

Project manager

Creates projects, sets up project teams, and configures roles and permissions for members.

Jack

Operation manager

Acts as a build engineer to manage and standardize build tasks.

Maggie

Developer

Develops, builds, and debugs code.

Mary

Tester

Tests and verifies build tasks.

Lucy

Viewer

Examines build tasks' execution details.

Configuring Project-level Roles and Permissions

CodeArts Build provides RBAC. Project-level permissions determine what actions a user can take within a project.

Service resources and their associated permissions vary by project type. Default role configurations are preset for each project type.

  1. The project manager (Sarah) has all permissions for CodeArts Repo and CodeArts Build, overseeing overall project construction and management.

    The following figure shows this role's permissions for CodeArts Repo.

    The following figure shows this role's permissions for CodeArts Build.

  2. The operation manager (Jack) manages and maintains build tasks. This role standardizes and codifies build processes into templates to improve efficiency.

    The following figure shows this role's permissions for CodeArts Repo.

    The following figure shows this role's permissions for CodeArts Build.

  3. The developer (Maggie) requires development access to the test_repo code repository and execution permissions for build tasks to debug and validate compilation results.

    The following figure shows this role's permissions for CodeArts Repo.

    The following figure shows this role's permissions for CodeArts Build.

  4. The tester (Mary) needs build task execution permissions to verify compilation results.

    The following figure shows this role's permissions for CodeArts Repo.

    The following figure shows this role's permissions for CodeArts Build.

  5. The viewer (Lucy) has read-only access to build tasks.

    The following figure shows this role's permissions for CodeArts Repo.

    The following figure shows this role's permissions for CodeArts Build.

Once these roles are assigned, the available action buttons within code repositories and build tasks under the test project will differ for each user, reflecting their configured permissions. You can validate these permissions directly within the relevant task and adjust them for more granular control.

Configuring Task-level Roles and Permissions

When creating or editing a build task, open the Permissions tab. CodeArts Build allows you to assign or adjust roles and permissions for that specific task. You can toggle on Use Project Permissions to apply project-level settings.