YouTrack InCloud 7.0 Help

Hub Permissions

A permission is an authorization granted to a user to perform particular operations. Permissions are granted to a user within a role, but not directly.

A role is a set of permissions which defines the level of access for a user to particular functionality and operations.

Permissions for the Hub application are divided in two categories:

  • Global permissions are granted at the global scope and do not depend on a specific project. For example, you cannot grant permission to create user accounts in a single project, you can do it only in the system-wide scope. Global permissions are marked with the globe icon (iconGlobe) in the list of permissions.
  • Per-project permissions allow actions related to a specific project. Read Project or Read User Group are examples of such permissions.

The following permissions are used by the built-in Hub service to regulate access to administrative actions.

Generic Permissions

The following permissions are not related to specific entities in the system. These permissions are available at the global level.

PermissionDescription
Low-level Administration iconGlobeManage low-level administrative actions. Includes permission to integrate with third-party services and back up the database.
Low-level Read Administration iconGlobeRead-only access to low-level administrative settings. Includes permission to view integrations with third-party services and metrics.

Authentication Module

The following permissions grant access to authentication module-related actions. These permissions are all available at the global level.

PermissionDescription
Create Auth Module iconGlobeAdd and enable a new authentication module.
Delete Auth Module iconGlobeDelete authentication modules.
Read Auth Module iconGlobeView the list of authentication modules. View the properties of an authentication module.
Update Auth Module iconGlobeModify the properties of an authentication module.

Project

The following permissions grant access to project-related actions.

PermissionDescription
Create Project iconGlobeCreate a new project.
Delete ProjectDelete projects.
Read ProjectView project properties and content. List project resources. This permission is required (with Read Role) to read the project roles of a user, group, or service.
Update ProjectEdit the properties and content of a project. Add and remove resources.

Project Role

The following permissions grant access to actions that link projects and roles. These permissions are all available at the per-project level.

PermissionDescription
Add Role in ProjectAssign a role to a user, group, or service the role in the project.
Remove Role in projectRemove the role assignment from a user, group, or service in the project.

Role

The following permissions grant access to role-related actions. These permissions are all available at the global level.

PermissionDescription
Create Role iconGlobeCreate a new role.
Delete Role iconGlobeDelete roles.
Read Role iconGlobeView the list of roles. View the set of permissions assigned to a role. This permission is required (with Read Project) to read the project roles of user, group, or service.
Update Role iconGlobeModify the properties of and set of permissions assigned to a role.

Service

The following permissions grant access to service-related actions. These permissions are all available at the global level.

PermissionDescription
Create Service iconGlobeRegister a new service.
Delete Service iconGlobeDelete services.
Read Service iconGlobeView the list of services. View the properties of a service. View service resources, permissions, and default roles.
Update Service iconGlobeModify the properties of a service. Create, update, or delete the resources, permissions, and default roles for a service.

User

The following permissions grant access to user-related actions. These permissions all available at the global level.

PermissionDescription
Create User iconGlobeRegister new users. Invite new users.
Delete User iconGlobeDelete user accounts.
Read Self iconGlobeSame as Read User, but only for the current user account.
Read User iconGlobeView the list of registered user accounts. Read user authorization details. This permission is required (with Update Group) to modify group membership for another user account.
Update Self iconGlobeSame as Update User, but only for the current user account.
Update User iconGlobeEdit the user name. Edit, create, or delete user profile data. Ban and merge user accounts.

User Group

The following permissions grant access to group-related actions. User groups are used as resources in a project. These permissions are all available at the per-project level.

PermissionDescription
Create User GroupCreate new user groups.
Delete User GroupDelete user groups.
Read User GroupView the list of user groups. View group properties. This permission is required (with Read User Group permission for the subgroup) to view subgroups. Required in combination with Read User to view the members of a group.
Update User GroupModify the properties of a user group. Required in combination with Update User Group for parent and child groups to add or remove subgroups. Required in combination with Read User to modify group memberships.
Last modified: 29 September 2016