Overview

CodeArts offers role-based permissions management to facilitate project development from start to finish.

CodeArts presets multiple system roles and allows you to customize roles and permissions. You can save the roles and permissions in a project as a permission template and apply the template to other projects. You can also adjust the role permissions for your projects as needed.

This practice describes how to configure permissions for IPD project members. In addition to reusing the system roles of CodeArts, the practice customizes roles with required permissions. You can refer to this practice to configure permissions for members of different roles in your project, save the permissions as a template, and reuse the template in other projects.

Solution Architecture

The following figure shows the project architecture. There are nine teams in the project team.

Figure 1 DevOps role architecture
Click to enlarge

The responsibilities and required permissions of each role in the preceding architecture are described in the table below.

**Table 1** Role responsibilities and permissions
Team	Role	Responsibility	Required Permission	Authorization
/	Project manager	Develops overall project plans. Specifies the responsibilities and tasks of each role and assigns permissions to the roles.	Edit project Set members of all roles and assign them permissions	Configuring Permissions for the Project Manager Role
R&D team	R&D leader	Plans and assigns R&D tasks. Tracks R&D progress, coordinates resources, and solves technical problems during development. Participates in major technical decision-making.	Manage code branches, including but not limited to adding and deleting branches Review code, including but not limited to scoring code	Configuring Permissions for the R&D Team
R&D team	Developer	Develops code based on the main branch, including coding, unit testing, bug fixing, and continuous optimization. Participates in technical solution review, document writing, and code review. Continuously optimizes code quality and system performance.	View code repositories Create code branches Create merge requests	Configuring Permissions for the R&D Team
Middle-end team	R&D leader (middle-end)	Designs the architecture of the middle-end system and manages the development. Plans and promotes the reuse of middle-end capabilities, and builds general services that can be shared across business lines.	Manage code branches, including but not limited to adding and deleting branches Review merge requests Assign requirements	Configuring Permissions for the Middle-end Team
Middle-end team	Developer (middle-end)	Develops and maintains middle-end services. Keeps the middle-end system stable, scalable, and reusable.	View code repositories Create code branches Create merge requests	Configuring Permissions for the Middle-end Team
Architecture team	Architecture leader	Leads the design and evolution of the technical architecture, and formulates technical specifications and development standards. Streamlines and selects architectures across teams. Optimizes the system for high availability, scalability, performance, and security.	Manage code repositories, including but not limited to adding and deleting branches Review merge requests Assign requirements	Configuring Permissions for the Architecture Team
Architecture team	System engineer	Participates in architecture design, technical research, and implementation. Writes architecture documents, evaluates system design, and provides technical support.	View code repositories Create code branches Create merge requests	Configuring Permissions for the Architecture Team
Test team	Test manager	Establishes the test process and coordinates test resources. Develops test strategies, including functions, performance, and security, and promotes automated testing.	Create test plans Deploy, update, delete, and view test cases Create, modify, and delete mind maps Generate test reports NOTE: Test managers do not require edit access to code repositories but must have view access for white-box testing.	Configuring Permissions for the Test Team
Test team	Tester	Writes test cases, executes test plans, records bugs, and pushes for bug fixing. Develops test scripts and automated testing tools to enhance product quality.	Maintain test cases Deploy, update, and view test cases Create, modify, and delete mind maps NOTE: Testers do not require edit access to code repositories but must have view access for white-box testing.	Configuring Permissions for the Test Team
PO team	Product leader	Maintains product features and analyzes requirements. Assigns tasks to product team members.	Maintain raw requirements (RRs), initial requirements (IRs), and user stories (USs) Manage version requirements and feature iterations	Configuring Permissions for the PO Team
PO team	Product manager	Maintains product features and analyzes RRs and IRs. Synchronizes requirements between product and R&D teams, and organizes IR and US review meetings.	Maintain RRs, IRs, and USs	Configuring Permissions for the PO Team
PM team	Project management leader	Develops overall project plans, tracks progress, and organizes regular meetings. Coordinates R&D, test, and business resources for the project.	Maintain test plans	Configuring Permissions for the PM Team
PM team	Project management team member	Tracks project execution status and writes project documents. Identifies project risks and develops solutions to keep work on track.	Maintain test plans	Configuring Permissions for the PM Team
Big data team	Big data leader	Builds a big data platform, governs data, and designs and plans the data architecture. Aligns business data requirements with the platform capabilities, and continuously optimizes the platform.	Manage code repositories, including but not limited to adding and deleting branches Review merge requests Assign requirements	Configuring Permissions for the Big Data Team
	Big data product manager	Plans and designs data products, and outputs feasible data requirement solutions. Assists business departments in understanding data capabilities, and promotes data-driven decision-making.	Maintain RRs, IRs, and USs
	Big data developer	Develops data collection, cleansing, modeling, and service APIs. Maintains the data warehouse architecture, and optimizes data processing and query.	View code repositories Create branches Create merge requests
O&M team	O&M leader	Develops the infrastructure O&M system with O&M processes and emergency plans. Promotes automated O&M, and improves the monitoring system and fault response mechanism.	Maintain and build pipelines	Configuring Permissions for the O&M Team
	O&M engineer	Executes deployment, change, and maintenance tasks, and participates in development of the automated O&M platform. Assists in handling various emergencies during service operation.	Execute pipelines
	On-call engineer	Handles alarms, inspects systems, and responds to emergencies. Keeps systems run stably, and reports and handles any issues that arise.	No CodeArts permission required
DBA team	DBA leader	Designs the database architecture, plans the capacity, and formulates and implements data security policies. Develops database standards and review specifications.	Pipeline-related permissions (for SQL automation)	Configuring Permissions for the DBA Team
DBA team	DBA team member	Maintains databases, backs up and restores data, optimizes SQL statements, and troubleshoots faults. Collaborates with developers on data modeling and performance optimization.	Pipeline-related permissions	Configuring Permissions for the DBA Team
Security group	Security architect	Designs and implements information security architecture to enhance system, network, and application security. Identifies and evaluates security risks, and develops mitigation strategies. Monitors and improves the security architecture to cope with changing security threats and technical environments.	View code repositories Create branches Create merge requests	Configuring Permissions for the Security Team

Advantages

Extended CodeArts role matrix
This practice extends the system role matrix of CodeArts by adding more roles. For example, in addition to the developer role of CodeArts, you can also add the R&D leader and developer roles to facilitate your project development. You can assign permissions to different roles so that they can complete their tasks.
Permission templates
You can save the project roles and permissions in this practice as a template, and reuse the template in other projects with small changes.

Constraints

To complete this practice, you must have the Tenant Administrator role. After this practice, your project members who have the DevUC > project-role > privilegeconfig permission can modify the permission matrix on the Permissions page.
For details about how to grant the Tenant Administrator role to a user, see Creating a User Group and Assigning Permissions.
This practice uses an IPD-system device project (currently available in AP-Singapore) as an example. Purchase a CodeArts Pro package in advance by referring to Enabling CodeArts Pro.

Concepts

Middle-end team: Builds and maintains a middle-end system to share an enterprise's reusable service capabilities, data, and technical resources with the frontend.
Middle-end system: A key part of an enterprise's IT architecture. It reuses and shares service capabilities, data, and technical resources to improve operational efficiency and service quality. The middle-end system can be divided into multiple layers, such as the business, data, and technical layers. These layers have different functions and roles.

Parent topic: Configuring CodeArts Permissions

Previous topic: Configuring CodeArts Permissions

Next topic: Implementation Procedure