What are system roles?

To help you on the governance and access control, Digibee provides a series of predefined system roles that can only be modified by Digibee. These roles cover several responsibilities in the Platform in a granular way to aid in the composition of group permissions. The sum of all roles gives full access to the Platform.

The system roles have the following archetypes applied in their specific contexts::

Builder: can execute a task from end-to-end.

Viewer: can only read (visualize) tasks and other information, according to the given context.

Publisher: can publish, deploy or make Capsules publicly available.

Manager: has full access to the platform.

The following table shows all system roles and their respective permissions:

Role Name

Permission

ACLs

Account Manager

Account - read, create, update, delete

Audit - read

Global - read, create, update, delete

Relation - create, read, update, delete

User - read

Oauth - create, update, delete

ACCOUNT:CREATE

ACCOUNT:DELETE

ACCOUNT:READ

ACCOUNT:UPDATE

AUDIT:READ

GLOBAL:CREATE

GLOBAL:DELETE

GLOBAL:READ

GLOBAL:UPDATE

RELATION:CREATE

RELATION:DELETE

RELATION:READ

RELATION:UPDATE

USER:READ

OAUTH:CREATE

OAUTH:DELETE

OAUTH:UPDATE

Account Viewer

Account - read

Audit - read

Global - read

Relation - read

User - read

ACCOUNT:READ

AUDIT:READ

GLOBAL:READ

RELATION:READ

USER:READ

Api Key Manager

API Key - read, create, update, delete, create api key, delete api key

Audit - read

User - read

APIKEY:CREATE

APIKEY:CREATE:ACL

APIKEY:CREATE:APIKEY

APIKEY:DELETE

APIKEY:DELETE:APIKEY

APIKEY:READ

APIKEY:UPDATE

AUDIT:READ

USER:READ

Api Key Viewer

Consumer - read

Audit - read

User - read

APIKEY:READ

AUDIT:READ

USER:READ

Audit Viewer

Audit - read

AUDIT:READ

Capsule Builder

Account - read

Capsule - read create, update, delete,, create group, create header, update header, delete header

Global - read

Relation - read

Test mode - execute

ACCOUNT:READ

CAPSULE:CREATE

CAPSULE:CREATE:GROUP

CAPSULE:CREATE:HEADER

CAPSULE:DELETE

CAPSULE:DELETE:HEADER

CAPSULE:READ

CAPSULE:UPDATE

CAPSULE:UPDATE:HEADER

GLOBAL:READ

RELATION:READ

TEST-MODE:EXECUTE:CAPSULE

Capsule Manager

Capsule - read create, update, delete, create group, update group, delete group, create header, update header, delete header

Replica - read

Test mode - execute capsule

CAPSULE:CREATE

CAPSULE:CREATE:GROUP

CAPSULE:CREATE:HEADER

CAPSULE:DELETE

CAPSULE:DELETE:HEADER

CAPSULE:READ

CAPSULE:UPDATE

CAPSULE:UPDATE:HEADER

REPLICA:READ

TEST-MODE:EXECUTE:CAPSULE

CAPSULE:DELETE:GROUP

CAPSULE:UPDATE:GROUP

CAPSULE:CREATE:COLLECTION

Capsule Publisher

Capsule - update publish

CAPSULE:UPDATE:PUBLISH

Deployment Manager

Configuration - read, create, update

Deployment - read, create, update, delete, redeploy

User - read list JWT, create generate JWT, delete revoke JWT, read open auth config

CONFIGURATION:CREATE

CONFIGURATION:READ

CONFIGURATION:UPDATE

DEPLOYMENT:CREATE

DEPLOYMENT:CREATE:REDEPLOY

DEPLOYMENT:DELETE

DEPLOYMENT:EXECUTE

DEPLOYMENT:READ

USER:READ:LIST-JWT

USER:CREATE:GENERATE-JWT

USER:DELETE:REVOKE-JWT

USER:READ:OPEN-AUTH-CONFIG

Deployment Viewer

Configuration - read

Deployment - read

CONFIGURATION:READ

DEPLOYMENT:READ

Global Manager

Global - read, create, update, delete

GLOBAL:CREATE

GLOBAL:DELETE

GLOBAL:READ

GLOBAL:UPDATE

Global Viewer

Global - read

GLOBAL:READ

Groups Manager

Group - read, create, update, delete, read permission

User - read permission, read inactive permission, update assign group

Permission - read

GROUP:CREATE

GROUP:READ

GROUP:READ:PERMISSION

GROUP:UPDATE

GROUP:DELETE

USER:UPDATE:ASSIGN-GROUP

USER:READ:PERMISSION

USER:READ:INACTIVE-PERMISSION

PERMISSION:READ

SAML-GROUP-MAPPING:CREATE

SAML-GROUP-MAPPING:READ

SAML-GROUP-MAPPING:UPDATE

SAML-GROUP-MAPPING:DELETE

Logs Viewer

Log - read

Message - read

Stats - read

LOG:READ

MESSAGE:READ

STATS:READ

Multi instance Manager

Multi-instance - read, create, update, delete

REPLICA:READ

REPLICA:CREATE

REPLICA:UPDATE

REPLICA:DELETE

Multi instance Viewer

Multi-instance - read

REPLICA:READ

Metrics Viewer

Metric - read

METRIC:READ

Pipeline Builder

Account - read

Configuration - read, create, update

Consumer - read

Global - reads

Pipeline - read, create, update, read history

Project - read

Relation - read

Replica - read

Test mode - execute

ACCOUNT:READ

CONFIGURATION:CREATE

CONFIGURATION:READ

CONFIGURATION:UPDATE

APIKEY:READ

GLOBAL:READ

PIPELINE:CREATE

PIPELINE:READ

PIPELINE:READ:HISTORY

PIPELINE:UPDATE

PROJECT:READ

RELATION:READ

REPLICA:READ

TEST-MODE:EXECUTE

Pipeline Executor

Deployment - execute

DEPLOYMENT:EXECUTE

Pipeline Manager

Account - read

Configuration - read, create, update

Consumer - read

Global - read

Pipeline - read, create, update, delete, read history

Project - read, update link with pipeline

Relation - read

Replica - read

Text mode - execute

ACCOUNT:READ

CONFIGURATION:CREATE

CONFIGURATION:READ

CONFIGURATION:UPDATE

APIKEY:READ

GLOBAL:READ

PIPELINE:CREATE

PIPELINE:DELETE

PIPELINE:READ

PIPELINE:READ:HISTORY

PIPELINE:UPDATE

PROJECT:READ

PROJECT:UPDATE:LINK-WITH-PIPELINE

RELATION:READ

REPLICA:READ

TEST-MODE:EXECUTE

Projects Manager

Audit - read

Project - read, create, update, delete, update link with pipeline

Permission - read

AUDIT:READ

PROJECT:CREATE

PROJECT:DELETE

PROJECT:READ

PROJECT:UPDATE

PROJECT:UPDATE:LINK-WITH-PIPELINE

PERMISSION:READ

Relationship Manager

Relationship - read, create, update, delete

RELATION:READ

RELATION:CREATE

RELATION:UPDATE

RELATION:DELETE

Relationship Viewer

Relationship - read

RELATION:READ

Roles Manager

Role - read, create, update, delete

Permission - read

ROLE:CREATE

ROLE:READ

ROLE:UPDATE

ROLE:DELETE

PERMISSION:READ

Running Executions Manager

Running Execution - read, cancel

INFLIGHT:CANCEL

INFLIGHT:READ

Running Executions Viewer

Running Execution - read

INFLIGHT:READ

Users Manager

User - read, create, update, delete

Permission - read

USER:CREATE

USER:DELETE

USER:READ

USER:UPDATE

PERMISSION:READ

How to use system roles

Go to the Group screen at the settings page, then access an existing group or create a new one. Select the Permissions tab, add a new bond/link, choose one of the system roles and save the record.

If the system roles don’t fully meet your needs, it’s possible to use the Duplicate feature to create a system role copy and modify it.

To do so, go to the Roles screen at the settings page, then access a system role and click on the Duplicate button (the new role’s name will be the same as the original one, plus the "copy" sufix). Modify as needed and save the new role.

Default groups

To make the adoption of system roles even easier, each Realm comes with pre-defined groups named default groups. These groups have several profiles which we believe to cover the most common scenarios of the Platform’s users.

Next, we will introduce you the default groups and their respective system roles:

Developers

The group responsible for building integrations through pipelines, capsules and collections. Includes the following system roles: Pipeline Builder, Capsule Builder, Pipeline Manager e Deployment Viewer.

Deployers

The group responsible for the deployment of pipelines and the management of their execution. Includes the following system roles: Deployment Manager e Deployment Viewer.

Access Managers

The group responsible for the data security and access management, such as API keys, tokens, passwords or access permissions on the Platform. Includes the following system roles: Users Manager, Roles Manager, Groups Manager e Projects Manager.

Governance Managers

The group responsible for the organization, standardization and good practices during the integration building process. It ensures the Developers have what they need to work in a scalable and structured manner. Includes the following system roles: Account Viewer, Global Manager, Global Viewer, Capsule Manager, Capsule Publisher, Pipeline Manager, Audit Viewer, Multi instance Manager, Multi instance Viewer, API Key Manager, API Key Viewer, Relationship Manager e Relationship Viewer.

Credential Managers

The group responsible for keeping passwords, client secrets, tokens and API keys safe, up to date and with the proper access permissions. Includes the following system roles: Account Manager e API Key Manager.

Support

The group responsible for analyzing the health and performance of the deployments to offer operational support or to make business decisions. Includes the following system roles: Pipeline Logs Viewer, Pipeline Metrics Viewer, Running Executions Manager, Running Executions Viewer e Pipeline Executor.

How to use default groups

Access the Groups screen, select a default group and associate users. The default groups can be modified or deleted. If you have a group missing, it could be because a Realm’s user deleted it. In this case you can contact the support team to request new pre-defined groups.

Feedback

We would love to know your thoughts and suggestions about this feature. Take a look at how easy it is to send your feedback:

Did this answer your question?