Bamboo provides the following types of permissions to allow fully customizable control of access to the continuous delivery workflow:
- Global permissions
- Build plan permissions
- Project permissions
- Deployment permissions
- Deployment project permissions
- Deployment environment permissions
- Permission is set by default
- Permission is available as an option
- Permission not available, even as an option
On this page:
Some permissions are available for Bamboo DC only. They're marked with DATA CENTER flag.
Global permissions level control the ability to view the system, create a new build plan and use administration tools. Global application permissions are accessed from the Global permissions page within the Bamboo administration pages.
|User type||Access||Create||Create repository||Restricted admin||Admin|
- Access - log in to Bamboo; this permissions does not give you any additional permission.
- Create - create new plans, projects and deployment projects in Bamboo.
- Create repository - create and manage linked repositories.
- Restricted admin - perform some administration operations and view all plans in Bamboo; this role excludes permissions that directly influence the host on which the Bamboo Server is located.
Restricted Admins can't perform agent dedication by default. You can change that by setting the Allow users to dedicate agents to builds and deployments option in the Security Settings.
- Admin - perform all operations and view all plans in Bamboo.
Build plan permissions
Build plan permissions allow a user to control access to the functions of the build plan. These include viewing, editing, building, cloning and administering a build plan. Build plan level permissions are accessed from the build plan configuration page.
- View - view the plan and its builds; when creating a new plan, check the Allow all users to view this plan to allow anonymous and logged-in users view your plan.
- View configuration - view the configuration of the plan and its jobs. DATA CENTER
- Edit - view and edit the configuration of the plan and its jobs, not including permissions or stages.
- Build - trigger a manual build, or suspend and resume the plan.
- Clone - clone the plan.
- Admin - edit all aspects of the plan including permissions and stages.
Starting from Bamboo 6.9, to access any plans in a project you must have the View permission granted. Without the project View permission, you won't be able to see, run, or administer any plans.
Project permissions allow you to control access to project permissions and settings. See Configuring project permissions.
|User||View||Create plan||Create repository||Admin|
- View - access the project and plans or repositories for the project
Create plan - create plans for the project
- Create repository - create repository for the project. DATA CENTER
manage permissions for the project
manage permissions for all plans in a project
change project settings
Bamboo's deployments features allow you to control permissions for both deployment projects and deployment environments.
- View - view the project and its associated environments.
- View configuration - view the project configuration. DATA CENTER
- Edit - edit the project, its related plan and environment configuration, and create releases.
- View - view the environment. You must also have view permission on the deployment project.
- View configuration - view the environment configuration. DATA CENTER
- Edit - edit the environment configuration.
- Deploy - deploy releases to this environment and create releases for this project.
To ensure the consistency of Bamboo permissions, starting with Bamboo 6.3, we provide an update mechanism which will fix all inconsistencies for all permissions in your Bamboo environment. We have also modified all the pages where you can edit permissions in a way which won’t allow granting inconsistent or clashing permissions in the future.
If you want to revoke a lower-level permission for a user, you must revoke the higher-level permissions first. Also, when granting a higher-level permission to a user, all relevant lower-level permissions will be granted automatically to that user.
Permission consistency might still be broken when using third-party plugins.