A permission is an authorization granted to a user to perform particular operations. Permissions are granted to a user within a role, but not directly.
A role is a set of permissions which defines the level of access for a user to particular functionality and operations.
Permissions that let users perform administrative operations in YouTrack are provided by the Hub service. Permissions for the Hub service are divided in two categories:
Global permissions are granted at the global scope and do not depend on a specific project. For example, you cannot grant permission to create user accounts in a single project, you can do it only in the system-wide scope. Global permissions are marked with a
globalbadge in the list of permissions.
Per-project permissions allow actions related to a specific project. For example, a role with the Read Project Basic permission grants users and groups access to view project properties and content for a specific project. If these users don't have the Read Project Basic permission for other projects in YouTrack, they don't have access to them.
The permissions that are listed on this page are used by the built-in Hub service to regulate access to administrative actions. For a list of permissions that grant access to work with the entities that are managed in the YouTrack service, see YouTrack Permissions.
Permission Updates for YouTrack 2021.2
The 2021.2 release incorporates changes made to the permission scheme for the built-in Hub service. The following table lists the changes that were applied in this update:
The granular access that was previously granted by these separate roles has been replaced with a single Manage Role permission.
In situations where a subset of these three permissions were granted to a role, the permission assignments are removed during the upgrade to YouTrack version 2021.2.
The permission to view roles is still managed by the Read Role permission.
These permissions have been removed from Hub. Access to services that are connected to Hub are now managed as follows:
In situations where any of these permissions were granted to a role, the permission assignments are removed during the upgrade to YouTrack version 2021.2.
|Read Self||This permission has been removed from Hub. All users are granted implicit permission to view all profile attributes for their own accounts, including custom attributes and authorization details.|
The following permissions are not related to specific entities in the system. These permissions are available at the global level.
|Low-level Admin Read||Read-only access to low-level administrative settings. Includes permission to view integrations with third-party services and metrics.|
|Low-level Admin Write||Manage low-level administrative actions. Includes permission to integrate with third-party services and back up the database. Implies Low-level Admin Read.|
The following permissions grant access to group-related actions. Groups are used as resources in a project. These permissions are all available at the per-project level.
|Create Group||Create new groups.|
Implies Read Group.
View the list of groups and read group properties. When combined with other permissions, the following access rights are granted:
Edit group properties. When combined with other permissions, the following access rights are granted:
Implies Read Group.
The following permissions grant access to project-related actions.
The Create Project permission is granted at the global level.
All other project-related permissions are granted on a per-project basis.
|Create Project||Create new projects.|
Implies Read Project Full.
|Read Project Basic|
View basic project properties and content. When combined with other permissions, the following access rights are granted:
Basic project properties include the name, description, logo, and project owner.
|Read Project Full|
View all project properties and content. When combined with other permissions, the following access rights are granted:
Implies Read Project Basic.
Edit project properties and content, manage resources.
Implies Read Project Full.
The following permissions grant access to role-related actions. These permissions are all available at the global level.
Modify the permission scheme using any of the following operations:
Implies Read Role
View the list of roles and the set of permissions that are assigned to each role. When combined with other permissions, the following access rights are granted:
The following permissions grant access to user-related actions. These permissions all available at the global level.
|Create User||Create new user accounts. Invite users to register their own accounts.|
Delete user accounts.
Implies Read User Full.
|Read User Basic|
View the list of registered users and read the ID, username, name, and avatar for each user. With Update Group, users can manage group memberships.
Users who don't have permission to read this information only see anonymized versions of other user accounts in the system. To learn more, see Anonymized Users.
|Read User Full|
View all properties for all registered users, including authorization details.
Implies Read User Basic.
Edit own profile data.
Edit user profile data. Ban, merge, and anonymize user accounts.
Implies Update Self and Read User Full.