A permission is an authorization that allows to a user to perform a particular operation. In Hub, you can only assign permissions to a role. You cannot grant permissions directly to a user or group.
A role is a collection of permissions that defines access to to Hub and service-specific features.
Permissions in Hub can be divided in two categories:
- Hub permissions authorize a user to perform an operation in Hub. For example, create a project or update a resource in a connected service.
- Service-specific permissions authorize a user to perform an operation in a connected service. These permissions are usually imported to Hub when the data is synchronized with the service.
All permissions in Hub are divided into two sub-categories:
- Global permissions are not dependent upon a specific project. Any user who is assigned a role that contains the permission can perform the operation. For example, a user with permission to create new user accounts can do so without being assigned to a specific group or project. Permissions that are imported from an external service can also be assigned to a role at the global level.
- Per-project permissions are granted to users who are assigned to a specific project. 'Create Project' or 'Read User Group' are examples of per-project permissions.