Permission Management

CodeArts Artifact provides a permission model that contains the tenant, project, and instance levels.

The application scope of this model is as follows: tenant-level permissions > project-level permissions > instance-level permissions.

If the permission configuration in this model conflicts, this permission priority is used: instance-level > project-level > tenant-level.

Tenant-level Permissions

These permissions take effect for all projects in your account, including creating, deleting, and modifying projects, and creating workspaces.

By default, users with the Tenant Administrator permission have tenant-level permissions. You can also grant project permissions to users without this permission. After logging in to the CodeArts homepage with an authorized account, perform the following steps to authorize another account:

Log in to CodeArts homepage and click the username in the upper right corner of the navigation bar.
Choose All Account Settings.
Choose General > Project Creators.
Select Set some members to be able to create projects. The member list is displayed.
Enable or disable the authorization by clicking . Unauthorized members cannot create projects.

Project-level Permissions

These permissions take effect for the current project, including editing and archiving projects, configuring roles and permissions, and configuring members. You can also configure operation permissions for each service, including the permissions to create, submit, and copy raw requirements in CodeArts Req, and the permissions to commit and merge code in CodeArts Repo. These permissions take effect for all instances of the service.

CodeArts provides role-based access control (RBAC). By default, new users do not have permissions assigned. You need to add a user to a project, and assign roles to the user. The user then has the permissions specified in the roles and can perform specified operations on cloud services based on the permissions.

CodeArts provides 11 system roles for R&D processes, such as IPD and DevOps. You can also create custom roles and assign them different permissions.

**Table 1** Built-in project roles in CodeArts
Role Name	Description
Project administrator	The general owner of a project who manages all settings and members of the project, including creating, deleting, and modifying projects, assigning and canceling permissions of other roles.
Project manager	A primary owner of a project who manages requirements, plans, progress, and risks of the project, and coordinates work in the project team.
Product manager	Responsible for product design and planning, including defining product requirements, prototypes, and user stories, communicating and collaborating with developers and testers.
Test manager	Responsible for testing, including managing test plans, test cases, test execution, and bug tracking, guiding and supervising test personnel.
O&M manager	Responsible for project O&M, including project deployment, monitoring, and fault locating and rectification.
System engineer	Responsible for the system architecture and infrastructure of a project, including designing, setting up, and maintaining project resources such as servers, networks, and databases.
Committer	Reviews and merges code committed by developers.
Developer	Writes, commits, merges, and branches code, creates and runs services such as CodeArts Pipeline and CodeArts Build.
Tester	Executes test cases, reports bugs, and verifies fixes.
Participant	Participates in a project and creates work items.
Viewer	Views a project and cannot perform any operations in any services.