Permissions in Bamboo
Global permissions
The Global permissions level controls the ability to view the system, create a new build plan and use administration tools. Global application permissions are accessed from the Global permissions page within the Bamboo administration pages.
User type | Access | Create | Create repository | Restricted admin | Admin |
---|---|---|---|---|---|
Anonymous | |||||
Logged-in | |||||
Administrator |
Key:
- Access - log in to Bamboo; this permission does not give you any additional permission.
- Create - create new plans, projects, and deployment projects in Bamboo.
- Create repository - create and manage linked repositories.
Restricted admin - perform some administration operations and view all plans in Bamboo; this role excludes permissions that directly influence the host on which the Bamboo Server is located.
Restricted Admins can't perform agent dedication by default. You can change that by setting the Allow users to dedicate agents to builds and deployments option in the Security Settings.
Admin - perform all operations and view all plans in Bamboo.
Build plan permissions
Build plan permissions allow a user to control access to the functions of the build plan. These include viewing, editing, building, cloning, and administering a build plan. Build plan level permissions are accessed from the build plan configuration page.
User | View | Edit | View configuration | Build | Clone | Admin |
---|---|---|---|---|---|---|
Anonymous | ||||||
Logged-in | ||||||
Administrator |
Key:
- View - view the plan and its builds; when creating a new plan, check the Allow all users to view this plan to allow anonymous and logged-in users view your plan.
- View configuration - view the configuration of the plan and its jobs.
- Edit - view and edit the configuration of the plan and its jobs, not including permissions or stages.
- Build - trigger a manual build, or suspend and resume the plan.
- Clone - clone the plan.
- Admin - edit all aspects of the plan including permissions and stages.
Project permissions
To access any plans in a project you must have the View permission granted. Without the project View permission, you won't be able to see, run, or administer any plans.
Project permissions allow you to control access to project permissions and settings. See Configuring project permissions.
User | View | Create plan | Create repository | Admin |
---|---|---|---|---|
Anonymous | ||||
Logged-in | ||||
Administrator |
Key:
- View - access the project and plans or repositories for the project
Create plan - create plans for the project
- Create repository - create repository for the project.
Admin -
manage permissions for the project
manage permissions for all plans in a project
change project settings
Deployment permissions
Bamboo's deployments features allow you to control permissions for both deployment projects and deployment environments.
Deployment projects
User | View | View configuration | Approve release | Edit |
---|---|---|---|---|
Anonymous | ||||
Logged-in | ||||
Administrator |
Key:
- View — view the project and its associated environments.
- View configuration — view the project configuration.
- Approve release — allow users to approve or decline deployment releases.
- Edit — edit the project, its related plan, and environment configuration, and create releases.
Deployment environments
User | View | View configuration | Edit | Deploy |
---|---|---|---|---|
Anonymous | ||||
Logged-in | ||||
Administrator |
Key:
- View - view the environment. You must also have view permission on the deployment project.
- View configuration - view the environment configuration.
- Edit - edit the environment configuration.
- Deploy - deploy releases to this environment and create releases for this project.
Permission dependencies
To ensure the consistency of Bamboo permissions, we provide an update mechanism which will fix all inconsistencies for all permissions in your Bamboo environment. We have also modified all the pages where you can edit permissions in a way which won’t allow granting inconsistent or clashing permissions in the future.
If you want to revoke a lower-level permission for a user, you must revoke the higher-level permissions first. Also, when granting a higher-level permission to a user, all relevant lower-level permissions will be granted automatically to that user.
Permission consistency might still be broken when using third-party plugins.