Help Center/ CodeArts Artifact/ User Guide/ Self-Hosted Repos 2.0/ Configuring Repository Permissions
Updated on 2025-08-05 GMT+08:00

Configuring Repository Permissions

By default, new users in self-hosted repos have no permissions. You need to add them to a project and assign roles to them. Each role has different permissions. You can view role permissions on the CodeArts Artifact permissions page and edit user permissions as needed.

Constraints

  • By default, project administrators have all permissions and their permission scope cannot be modified.
  • Custom roles created in CodeArts Artifact do not have preset permissions. You can contact the project administrator to configure roles and permissions on corresponding resources.
  • By default, the project administrator, project manager, and test manager can assign permissions for other roles in self-hosted repos. If other roles can assign permissions, they can continue to manage permissions for other roles in self-hosted repos.

Prerequisites

  • You have created a project.
  • You have added CodeArts project members and assigned roles to them. For details, see Adding Project Members.
  • To assign permissions to other roles in the self-hosted repo, you must have the Privilege Config permission. By default, the project administrator, project manager, and test manager roles have this permission.

Configuring Repository Permissions

  1. A user with the permission configuration privilege accesses the self-hosted repo.
  2. Choose Settings > General > Permissions from the navigation pane. The Permissions page is displayed.
  3. Click the role for which you want to set permissions, choose CodeArts Artifact, click Edit to select permissions as required, and click Save.

    Table 1 Project-level permissions

    Role/Operation

    Create a repository

    Edit a repository

    Delete a repository

    Restore

    Permanently delete

    Restore all

    Clear all

    Upload a package

    Download/View a package

    Delete/Redeploy uploaded packages

    Project manager

    Product manager

    Test manager

    Operation manager

    System engineer

    Committer

    Developer

    Tester

    Participant

    Viewer

    Project administrator

    • Tenant administrators (IAM user with the Tenant Administrator permissions) can manage all projects of a tenant. Project creators who are not tenant administrators have the permissions listed in the preceding table.
    • IAM users created without being added to any groups do not have permissions. Administrators can assign permissions to these users on the IAM console. Then users can use cloud resources in the account based on the assigned permissions.
    • Custom roles do not have preset permissions. You can contact the administrator to grant permissions for the resources needed for your role.

Managing Repository Permissions

CodeArts Artifact allows you to configure permissions on all self-hosted repos in a project. For details, see Configuring Repository Permissions.

You can also configure permissions for a single self-hosted repo.

To add or remove permissions for self-hosted repo members, perform the following steps:

  1. Go to the self-hosted repo page and select the target repository from the list.
  2. Click Settings on the right of the page.
  3. Click the Repository Permissions tab. The roles in the current project are displayed.
  4. In the Roles, select or deselect permission items of the target role, and click Save.

    • By default, created self-hosted repos connect with the role permission of Permissions in Settings in the project. Any changes made to these role permissions in Permissions will be synced to the repo's permissions.
    • If you do not change the repository permission of a role in the self-hosted repo, any changes made on the Permissions page will be synchronized to the repository permission of the self-hosted repo as well.
    • If you change the repository permission of a role directly in the self-hosted repo, any changes made on the Permissions page will not be synchronized to the repository permission of the self-hosted repo. You need to change the permission of the role in the repo itself.