Bamboo permissions

Bamboo provides the following types of permissions to allow fully customizable control of access to the continuous delivery workflow:

  • Global permissions
  • Build plan permissions
  • Project permissions
  • Deployment permissions
    • Deployment project permissions
    • Deployment environment permissions

Permissions key:

(tick) - Permission is set by default

(star) - Permission is available as an option

(error) - Permission not available, even as an option

On this page:

Bamboo permissions are additive. Once you’re assigned permissions on any level, you'll automatically have permissions on lower levels. You can’t override or remove permissions on lower levels. For example, if you have Create permission of a global level, you can create plans on all levels. Another example, if you have Build permission assigned to you on a project level and none assigned on the plan level explicitly, you will still have build permissions for that plan anyhow.

Global permissions

The Global permissions level controls the ability to view the system, create a new build plan and use administration tools. Global application permissions are accessed from the Global permissions page within the Bamboo administration pages.

User typeAccessCreateCreate repositoryRestricted adminAdmin
Anonymous(tick)(error)(error)(error)(error)
Logged-in(tick)(error)(star)(star)(star)
Administrator(tick)(tick)(tick)(star)(tick)

Key:

  • Access - log in to Bamboo; this permission does not give you any additional permission. 
  • Create - create new plans, projects, and deployment projects in Bamboo. 
  • Create repository - create and manage linked repositories.
  • Restricted admin - perform some administration operations and view all plans in Bamboo; this role excludes permissions that directly influence the host on which the Bamboo Server is located.

    Restricted Admins can't perform agent dedication by default. You can change that by setting the Allow users to dedicate agents to builds and deployments option in the Security Settings.

  • Admin - perform all operations and view all plans in Bamboo.

Build plan permissions

Build plan permissions allow a user to control access to the functions of the build plan. These include viewing, editing, building, cloning, and administering a build plan. Build plan level permissions are accessed from the build plan configuration page. 


UserViewEditView configurationBuildCloneAdmin
Anonymous(star)(error)(error)(error)(error)(error)
Logged-in(star)(star)(star)(star)(star)(star)
Administrator(tick)(tick)(tick)(tick)(tick)(tick)

Key:

  • View - view the plan and its builds; when creating a new plan, check the  Allow all users to view this plan to allow anonymous and logged-in users view your plan.
  • View configuration - view the configuration of the plan and its jobs.
  • Edit - view and edit the configuration of the plan and its jobs, not including permissions or stages.
  • Build - trigger a manual build, or suspend and resume the plan.
  • Clone - clone the plan.
  • Admin - edit all aspects of the plan including permissions and stages.

Project permissions

To access any plans in a project you must have the View permission granted. Without the project View permission, you won't be able to see, run, or administer any plans.

Project permissions allow you to control access to project permissions and settings. See Configuring project permissions.

UserViewCreate planCreate repositoryAdmin
Anonymous(star)(error)(error)(error)
Logged-in(star)(star)(star)(star)
Administrator(tick)(tick)(tick)(tick)

Key:

  • View - access the project and plans or repositories for the project
  • Create plan - create plans for the project

  • Create repository - create repository for the project.
  • Admin

    • manage permissions for the project

    • manage permissions for all plans in a project

    • change project settings

Deployment permissions

Bamboo's deployments features allow you to control permissions for both deployment projects and deployment environments.

Deployment projects

UserViewView configurationApprove releaseEdit
Anonymous(tick)(error)(error)(error)
Logged-in(tick)(star)(star)(star)
Administrator(tick)(tick)(tick)(tick)

Key:

  • View — view the project and its associated environments.
  • View configuration — view the project configuration. 
  • Approve release — allow users to approve or decline deployment releases.
  • Edit — edit the project, its related plan, and environment configuration, and create releases.

Deployment environments

UserViewView configurationEditDeploy
Anonymous(tick)(error)(error)(error)
Logged-in(tick)(star)(star)(star)
Administrator(tick)(tick)(tick)(tick)

Key:

  • View - view the environment. You must also have view permission on the deployment project.
  • View configuration - view the environment configuration.
  • Edit - edit the environment configuration.
  • Deploy - deploy releases to this environment and create releases for this project.

Permission dependencies

To ensure the consistency of Bamboo permissions, we provide an update mechanism which will fix all inconsistencies for all permissions in your Bamboo environment. We have also modified all the pages where you can edit permissions in a way which won’t allow granting inconsistent or clashing permissions in the future.

If you want to revoke a lower-level permission for a user, you must revoke the higher-level permissions first. Also, when granting a higher-level permission to a user, all relevant lower-level permissions will be granted automatically to that user.

Permission consistency might still be broken when using third-party plugins.



Last modified on Jan 19, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.