ÃÛ¶¹ÊÓÆµ

Custom Permissions custom-permissions

Learn how you can use custom permissions to create custom permission profiles with configurable permissions to restrict access to programs, pipelines, and environments for Cloud Managers users.

Introduction introduction

Cloud Manager has a set of pre-defined roles which govern access to various Cloud Manager features:

  • Business Owner
  • Program Manager
  • Deployment Manager
  • Developer

Custom permissions let users create custom permission profiles with configurable permissions to restrict access for Cloud Managers users to programs, pipelines, and environments.

TIP
For details on pre-defined roles, see AEM as a Cloud Service Team and Product Profiles.

Using Custom Permissions using

To create and use your own custom permissions, it requires three steps:

This section details these steps. You may find it useful to see the Terms and Configurable Permissions sections as you create your own custom permissions.

NOTE
You must have product administrator rights in the Admin Console for ÃÛ¶¹ÊÓÆµ Experience Manager as a Cloud Service to create profiles and manage permissions for Cloud Manager.

Create a New Product Profile create

First create a product profile before to which you can assign custom permissions.

  1. Log into Cloud Manager at .

  2. On the Cloud Manager landing page, select the Manage Access button.

Manage Access button

  1. You are redirected to the Products tab of the Admin Console, where you can manage users and permissions for Cloud Manager. In the Admin Console, select the New Profile button.

New Profile button

  1. Provide the general details about the profile.

    • Product profile name - A descriptive name for the profile
    • Display name - An abbreviated name that is shown in the UI (options)
    • Description - An informative description of the profile explaining its purpose (optional)
    • Notify users by email - Users receive an email notification when they are added to or removed from this profile.
  2. Select Save when complete.

The new product profile is saved and is visible in the list of product profiles in the Admin Console.

Assign Custom Permissions to Profile assign-permissions

Now that you have a new product profile, you can assign custom permissions to it.

  1. In the Admin Console, select the name of the new product profile you created.

  2. In the window that opens, select the Permissions tab to view a list of editable permissions.

    Editable permissions

  3. Select the Edit link of a permission so you can edit it.

  4. The Edit Permission window opens.

    • The permission you selected in the previous step is selected in the left column.
    • The permission items available for assignment for the permission are in the middle column labeled Available Permission Items.
    • The assigned permission items are in the right column labeled Included Permission Items.

    Edit permission items

  5. Select the plus (+) icon next to the permission item so you can add it to the column Included Permission Items.

    • Select the i icon next to a permission item if you want to learn more about it.
  6. Select the Add all button at the top of the Available Permissions column so you can add all permissions.

  7. Select Save when you are finished defining the permission items for your new product profile.

Your new product profile is now saved with its custom permissions.

Assign Users to the Custom Permissions assign-users

You can now assign users to the new product profile you created with custom permissions.

  1. In the Admin Console, select the name of the new product profile to which you assigned custom permissions.

  2. In the window that opens, select the Users tab.

  3. Select the Add Users button and assign users to your new product profile with custom permissions.

See the section Add users and user groups to a product profile of the document for more details on how to use the Admin Console.

Configurable Permissions configurable-permissions

The following permissions are available for creating custom profiles.

Permission
Description
Program Create
Let users create a program.
Program Access
Let users access programs.
Program Edit
Let users edit programs.
Environment Create
Let users create an environment.
Environment Edit
Let users update and edit environments.
Environment Logs Read
Let users read environment logs.
Environment Variables Manage
Let users create/edit/delete environment configurations.
Environment Restore Create
Let users create an environment restore.
Rapid Development Environment Reset
Let users reset the Rapid Development Environment (RDE).
Content Copy Manage
Let users manage content copy operations.
Pipeline Create
Let users create pipelines.
Pipeline Delete
Let users delete pipelines.
Pipeline Edit
Let users edit pipelines.
Production Deployments Approve/Reject
Let users approve or reject a production deployment step.
Pipeline Executions Cancel
Let users cancel pipeline executions.
Pipeline Executions Start
Let users start a new pipeline execution.
Override/Reject Important Metric Failures
Let users override/reject important metric failures.
Production Deployments Schedule
Let users schedule a production deployment step.
Repository Info Access
Let users access repository info and generate an access password.
Repository Create
Let users create Git repositories.
Repository Delete
Let users delete Git repositories.
Repository Edit
Let users edit Git repositories.
Repository Code Generate
Let users generate a project from archetype.
Domain Name Manage
Let users create/edit/delete domain names.
IP Allowlist Manage
Let users create/edit/delete IP allowlist and IP allowlist binding.
Network Infrastructure Manage
Let users create/edit/delete network infrastructure.
SSL Certificate Manage
Let users create/edit/delete SSL certificate.
New Relic Sub Account User Manage
Let users read/edit New Relic subaccount users.

Organization-Level Permissions organization-level

Organization-level permissions refer to permissions which are always given across all programs in an organization.

The following permissions are organization-level permissions:

  • Program Create - This permission lets users create a program in the organization.

  • Reposi