Setting server configuration security
Set the server configuration permissions to define what users can do with the HCL DevOps Deploy (Deploy) server security, also referred to as system security. Typically, these permissions are granted to administrative roles.
The following server configuration permissions are available:
Permission | Description |
---|---|
Add Team Members | Add users to roles that have the same or fewer permissions than those of the granting user. |
Bulk Manage Cleanup | Allows users to view, and edit the cleanup settings of multiple components and environments from the Cleanup Configuration page. |
Create with Team Assignment | Grants users the ability to add any additional team and type combination to an object if they have the Create permission on atleast one team/type mapping. |
Edit Basic System Settings | Enables users to edit the options on the System Settings page. See, System settings. This activity is written to the audit log. |
Edit Network Settings | Grants users the permission to access the Network page and manage servers in a server cluster. |
Manage Audit Log | Grants users the permission to manually cleanup the audit log, and configure automatic cleanup settings. If you have this permission but not the edit basic settings permission, you can edit the audit cleanup settings from the Audit Log page. This activity is written to the audit log. |
Manage Auth Token Restrictions | Create, modify and delete token restrictions. See, Restricting authentication tokens |
Manage Diagnostics | Enable users to access the diagnostics information including the Rest Call Log, Java Thread dumps, and Metadata indexing. This activity is written to the audit log. |
Manage Java Packages | Allows users to add and delete Java packages. |
Manage Logging Settings | Grants users the permission to view the Logging page and edit the log4j configuration. This activity is written to the audit log. |
Manage Maintenance Mode | Allows users to enable maintenance mode. |
Manage Notifications Schemes | Enable users to manage notification schemes used for notification emails. See, Creating Notifications in a Notification Scheme. This activity is written to the audit log. |
Manage Plug-ins | Grants users the permission to install new plug-ins; see Installing plug-ins. Install and delete activities are written to the audit log. |
Manage Resource Roles | Grants users the permission to create and delete resource roles, which are created by some plug-ins. In most cases, you do not need to add or change resource roles because they are used internally. |
Manage Security | Grants users the permission to manage security configuration, including roles, authentication realms, authorization realms, and tokens. Users without this permission cannot access or change the security functions. This activity is written to the audit log. |
Manage Statuses | Grants users the permission to create and edit version, inventory, and snapshot statuses. |
Manage System Properties | Grants users the permission to create and edit system properties. This activity is written to the audit log. |
Manage Tags | Grants users the permission to create and edit tags. Users can apply tags only if they have the Edit Basic System Settings permission enabled. |
Read Artifact Set List | Enables agent relays to use component version replication by status. Assign a user with this permission to an authentication token intended for an agent relay. |
Read Z Inventory | Grants users the permission to perform z/OS inventory search filter. |
Release Locks | Enables users to manually release any locks currently held. See, Managing locks. This action is written to the audit log. |
Run Deployment Triggers | Grants users permission to run the deployment from deployment triggers. The user will need to have the required permissions and roles as if they were executing the deployment manually. |
Run Processes in Maintenance Mode | Allows users to execute a new deployment while the maintenance mode is enabled. |
View Audit Log | Grants users the permission to view the Audit Log page and download log files. This activity is written to the audit log. |
View Basic System Settings | Enables users to view the options on the System Settings page. See, System settings. |
View Bulk Reports | Enables users to view bulk reports. |
View Locks | Enables users to view any locks currently held. See, Managing locks. This action is written to the audit log. |
View Network Settings | Grants users the permission to access the Network page. |
View Output Log | Grants users the permission to view the Output Log page and download log files. This activity is written to the audit log. |
View Users | Enables users to view users activity. |
To add system security permissions to roles:
- Click Permissions Granted to Role Members page for the target role. to open the
- Use the toggle button to add appropriate permissions to the role.