Roles

Project Group Roles and Permissions

The project group creator is the Owner by default.
Master has all the permissions of the Owner, except for the project group deletion permission.
Developer and Viewer have only view permissions.

Category	Permission	Owner	Master	Developer	Viewer
Project Group	View	○	○	○	○
	Edit	○	○
	Delete	○
Project	Create	○	○
	View	○	○	○	○
Member	Add	○	○
	View	○	○	○	○
	Delete	○	○

Table. Permissions for each role in the project group

Roles are divided into Owner, Master, Developer, and Viewer.
Viewer can only view.
Developer can create and delete development-related features.
- Examples) Build pipeline, Helm chart, deployment
Owner/Master can view, create, and delete all features in the project.
Project roles inherit the project group roles.
Even if a user is not registered as a project member, they can perform the role in the project if they are a member of the project group.
When the same user has different roles in the project and project group, the project role takes priority.
- In other words, you can limit the authority of a project group member in a specific project.
Example) If you want to restrict the Master role of a project group from having Master permissions in a specific project, you can register them as a project member and grant them Developer or Viewer permissions.

Category	Permission	Owner	Master	Developer	Viewer
Dashboard	View	○	○	○	○
Build Pipeline	View	○	○	○	○
	Import	○	○	○
	(Development) Create/Add	○	○	○
	(Development) Run	○	○	○
	(Development) Edit	○	○	○
	(Development) Delete	○	○	○
	(Operation) Create/Add	○	○
	(Operation) Run	○	○
	(Operation) Edit	○	○
	(Operation) Delete	○	○
Helm Install	(Development) Install	○	○	○
	(Operation) Install	○	○
Project	Edit	○	○
	Delete	○

Table. Permissions for each role in the project (1)

Large Category	Small Category	Permission	Owner	Master	Developer	Viewer
Kubernetes Deployment	Helm Release	(Development) View	○	○	○	○
		(Development) Upgrade	○	○	○
		(Development) Rollback	○	○	○
		(Development) Delete	○	○	○
		(Operation) View	○	○	○	○
		(Operation) Upgrade	○	○
		(Operation) Rollback	○	○
		(Operation) Delete	○	○
		Import	○	○
	Ingress/Service	Create/Edit/Delete	○	○
	Blue/Green	(Development) Create/Edit/Delete	○	○
		(Operation) Create/Edit/Delete	○	○
	Canary	(Development) View	○	○	○	○
		(Development) Create/Delete	○	○	○
		(Operation) View	○	○	○	○
		(Operation) Create	○	○
		(Operation) Delete	○	○
	Istio	(Development) View	○	○	○	○
		(Development) Create/Edit/Delete	○	○	○
		(Operation) View	○	○	○	○
		(Operation) Create/Edit	○	○
		(Operation) Delete	○	○
	Workload	(Development) View	○	○	○	○
		(Development) Create/Delete/Rollback	○	○	○
		(Operation) View	○	○	○	○
		(Operation) Create/Rollback	○	○
		(Operation) Delete	○	○
Code Repository/Code Quality/Artifact Repository/Image Repository		View	○	○	○	○
		Create	○	○	○
		Delete	○	○

Table. Permissions for each role in the project (2)

Jenkins System Permissions
- Access permissions are granted according to the project permission system in DevOps Console.
  - Refer to Table. Jenkins system permissions for each project role
- Permissions are granted to Jenkins pipelines based on project roles.
- Other tools can set permissions in their respective menus.

Category	Permission	Owner	Master	Developer	Viewer
(Folder) Project Group	Folder View	○	○	○	○
(Folder) Project	Credential View	○	○	○	○
	Credential Create/Edit/Delete	○	○
	Folder View	○	○	○	○
	Folder Create
	Folder Settings
	Folder Delete	○	○
(Folder) Type	(Development) Folder View	○	○	○
	(Development) Pipeline Create
	(Development) Folder Settings
	(Development) Folder Delete	○	○	○
	(Operation) Folder View	○	○
	(Operation) Pipeline Create
	(Operation) Folder Settings
	(Operation) Folder Delete	○	○
Pipeline	(Development) Pipeline View	○	○	○
	(Development) Pipeline Settings	○	○	○
	(Development) Pipeline Delete	○	○	○
	(Development) Pipeline Build	○	○	○
	(Operation) Pipeline View	○	○
	(Operation) Pipeline Settings	○	○
	(Operation) Pipeline Delete	○	○
	(Operation) Pipeline Build	○	○

Table. Jenkins system permissions for each project role

Large Category	Small Category	Permission	System Administrator	Administrator (Tenant Manager)	User (Project Group Owner)
Tool	System Tool	Register/Edit/Delete	○
		Add/Edit Tenant	○
		Delete Tenant	○	○
		Add/Edit Cluster	○
		Delete Cluster	○	○	○
	Tenant Tool	Register/Edit/Delete	○	○
		Add/Edit/Delete Tenant	○	○
	Project Group Tool	Register/Edit/Delete	○		○
		Add/Edit/Delete Tenant	○		○

Table. System roles and permissions (1)

Large Category	Small Category	Permission	System Administrator	Administrator (Tenant Manager)	User (Project Group Owner)
App. Template	System Template	Register/Edit/Delete	○
		Add/Edit Tenant	○
		Delete Tenant	○	○
		Add/Edit/Delete Image	○
		Add/Edit/Delete Helm Chart	○
	Tenant Template	Register/Edit/Delete	○	○
		Add/Edit/Delete Image	○	○
		Add/Edit/Delete Helm Chart	○	○
	Project Group Template	Register/Edit/Delete	○		○
		Add/Edit/Delete Image	○		○
		Add/Edit/Delete Helm Chart	○		○
Helm Chart Management	System Helm Chart	Add/Edit/Delete	○
	Tenant Helm Chart	Add/Edit/Delete	○	○
	Project Group Helm Chart	Add/Edit/Delete	○		○
Project Group		Create	○	○	○

Table. System roles and permissions (2)