DevOps Loop: Deploy security management
You can manage platform-specific roles and permissions in Deploy.
Default platform roles for Deploy
Some platform-specific default roles are available. These roles have matching default users:
- The Platform Admin role includes all permissions, except the Cloud Connections permission. OpenID Connect (OIDC) users with the ROLE_ADMIN OIDC role are mapped to the Platform Admin Deploy role. It is appropriate for platform administrators. Note: If you are an admin user in the platform and a member of a loop, you are given the same privileges in Deploy as the owner of the loop.
- The Platform System User role is also similar to the administrator role. OIDC users with the ROLE_SYSTEM OIDC role are mapped to the Platform System User Deploy role. The Platform System User role has the View Bulk Reports permission in addition to other admin-level permissions.
- The Platform User role has all view permissions on the server. OIDC users with the ROLE_USER OIDC role are mapped to the Platform User Deploy role on the Deploy system team. OIDC adds a user to or removes a user from the Platform User group based on OIDC roles on login. It is appropriate for users, allowing them to manage applications and components.
Note: Although the platform roles are present and visible in the system, you must not directly change the role memberships in Deploy. These roles exist to support the OIDC roles and their memberships are maintained through the Loop platform APIs.
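One way to check that platform role memberships in Deploy still match the OIDC roles they are meant to mirror (an added example, not part of the product documentation). The two input dictionaries are constructed samples, and their shape is an assumption, not a Loop or Deploy export format.

```python
# OIDC role -> Deploy platform role, as stated in the role list above.
OIDC_TO_DEPLOY = {
    "ROLE_ADMIN": "Platform Admin",
    "ROLE_SYSTEM": "Platform System User",
    "ROLE_USER": "Platform User",
}


def expected_membership(oidc_roles):
    """Build {deploy_role: set(users)} from {user: [oidc_role, ...]}."""
    expected = {role: set() for role in OIDC_TO_DEPLOY.values()}
    for user, roles in oidc_roles.items():
        for oidc_role in roles:
            deploy_role = OIDC_TO_DEPLOY.get(oidc_role)
            if deploy_role:  # OIDC roles without a platform mapping are ignored
                expected[deploy_role].add(user)
    return expected


def find_drift(oidc_roles, deploy_members):
    """Return a sorted list of (deploy_role, user, kind) findings.

    kind == "unexpected": the user is in the Deploy role without the matching
    OIDC role, which suggests the membership was changed directly in Deploy.
    kind == "missing": the user holds the OIDC role but is not in the Deploy
    role. For Platform User this can be benign, because membership is
    synchronized on login.
    """
    findings = []
    expected = expected_membership(oidc_roles)
    for role in sorted(expected):
        actual = set(deploy_members.get(role, ()))
        findings += [(role, u, "unexpected") for u in sorted(actual - expected[role])]
        findings += [(role, u, "missing") for u in sorted(expected[role] - actual)]
    return findings


# Constructed sample data (hypothetical users).
SAMPLE_OIDC = {
    "alice": ["ROLE_ADMIN", "ROLE_USER"],
    "bob": ["ROLE_USER"],
    "svc-build": ["ROLE_SYSTEM"],
    "carol": ["ROLE_USER"],
}
SAMPLE_DEPLOY = {
    "Platform Admin": ["alice", "bob"],      # bob was added directly in Deploy
    "Platform System User": ["svc-build"],
    "Platform User": ["alice", "bob"],       # carol has not logged in yet
}

if __name__ == "__main__":
    for finding in find_drift(SAMPLE_OIDC, SAMPLE_DEPLOY):
        print(finding)
```

An "unexpected" finding on Platform Admin or Platform System User is the one to investigate first, since both carry admin-level permissions.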
Server configuration permissions in Deploy
The following platform-specific permissions are required for server configuration:
| Permission | Description |
|---|---|
| Manage Loops | Allows you to create and manage loops. |
| Manage Team Spaces | Allows you to create and manage teamspaces. |
Loop teams in Deploy
When you create a loop for a teamspace in DevOps Loop, the platform automatically creates a team for the teamspace’s loop in Deploy teams. The new team is indicated as follows:
teamspacename~loopname
You can use this loop definition for creating an application or a component. Any application or component that's in a loop is only accessible to the team that's associated with the loop.
