Skip to main content

Permissions reference

This topic describes permissions relevant to RBAC in Harness. For API permissions, go to the API permissions reference.

Administrative Functions

ResourcePermissions
Resource Groups
  • View
  • Create/Edit
  • Delete
Account SettingsAvailable at the account scope only.
  • View
  • Edit
Default Settings
  • Create/Edit
Projects
  • View
  • Create
  • Edit
  • Delete
User Groups
  • View
  • Manage: Create, edit, and delete user groups
Service Accounts
  • View
  • Create/Edit
  • Delete
  • Manage: Create, edit, and delete API keys and tokens for service accounts
OrganizationsAvailable at the account and org scopes only.
  • View
  • Create
  • Edit
  • Delete
Roles
  • View
  • Create/Edit
  • Delete
Streaming DestinationAvailable at the account scope only.
  • View
  • Create/Edit
  • Delete
Users
  • View
  • Manage: Edit and delete users
  • Invite: Add users by inviting them to Harness
Authentication SettingsAvailable at the account scope only.
  • View
  • Create/Edit
  • Delete

Environment Groups

ResourcePermissions
Environment Groups
  • View
  • Create/Edit
  • Delete
  • Access: Can access referenced environment groups at runtime

Environments

ResourcePermissions
Environments
  • View
  • Create/Edit
  • Delete
  • Access: Can access referenced environments at runtime
  • Create FF SDK Key: Create Feature Flag environment key
  • Delete FF SDK Key: Delete Feature Flag environment key

Pipelines

ResourcePermissions
Pipelines
  • View
  • Create/Edit
  • Delete
  • Execute: Initiate pipeline runs

Services

ResourcePermissions
Services
  • View
  • Create/Edit
  • Delete
  • Access: Can access referenced services at runtime

Shared Resources

ResourcePermissions
Templates
  • View
  • Create/Edit
  • Delete
  • Access: Can access referenced templates at runtime
  • Copy
Deployment Freeze
  • Manage
  • Override
  • Global
Secrets
  • View
  • Create/Edit
  • Delete
  • Access: Can access referenced secrets at runtime
Connectors
  • View
  • Create/Edit
  • Delete
  • Access: Can access referenced connectors at runtime
Variables
  • View
  • Create/Edit
  • Delete
Files
  • View
  • Create/Edit
  • Delete
  • Access
Dashboards
  • View
  • Manage
Delegate Configurations
  • View
  • Create/Edit
  • Delete
Delegates
  • View
  • Create/Edit
  • Delete

Policies

ResourcePermissions
Governance Policies
  • View
  • Edit
  • Create
  • Delete
Governance Policy Sets
  • View
  • Edit
  • Create
  • Delete

Discovery

ResourcePermissions
Network Map
  • View
  • Create
  • Edit
  • Delete

Supply Chain Assurance

ResourcePermissions
Remediation Tracker
  • View
  • Create/Edit
  • Close

Webhooks

ResourcePermissions
Webhooks
  • View
  • Create/Edit
  • Delete

Module-specific permissions

Chaos Engineering

ResourcePermissions
Chaos Infrastructure
  • View
  • Create/Edit
  • Delete
Chaos Gameday
  • View
  • Create/Edit
  • Delete
Chaos Hub
  • View: View Chaos experiments and Chaos scenarios
  • Create/Edit: Connect to ChaosHub Git repo
  • Delete: Disconnect ChaosHub Git repo
Chaos Experiment
  • View
  • Create/Edit
  • Delete
  • Execute

Cloud Cost Management

ResourcePermissions
Currency Preferences
  • View
  • Create/Edit
Overview
  • View
Cost Categories
  • View
  • Create/Edit
  • Delete
Folders
  • View
  • Create/Edit
  • Delete
Perspectives
  • View
  • Create/Edit
  • Delete
AutoStopping Rules
  • View
  • Create/Edit
  • Delete
Budgets
  • View
  • Create/Edit
  • Delete
Load Balancer
  • View
  • Create/Edit
  • Delete

Code Repository

ResourcePermissions
Repository
  • View
  • Create/Edit (Create repositories and edit repository settings, such as descriptions, webhooks, and rules)
  • Delete
  • Push (Repository contributor permissions, such as committing, pushing, creating/deleting branches, creating/deleting tags)

Feature Flags

ResourcePermissions
Feature flags
  • Toggle: Turn Feature Flags on/off
  • Create Flag
  • Edit Rule
  • Edit Configuration
  • Delete
Target Management
  • Create/Edit: Create and edit Targets and Target Groups to control visibility of a variation of a Feature Flag
  • Delete: Delete Targets and Target Groups

GitOps

ResourcePermissions
Clusters
  • View
  • Create/Edit
  • Delete
Agents
  • View
  • Create/Edit
  • Delete
GnuPG Keys
  • View
  • Create/Edit
  • Delete
Repository Certificates
  • View
  • Create/Edit
  • Delete
Applications
  • View
  • Create/Edit
  • Delete
  • Sync: Deploy applications
Repositories
  • View
  • Create/Edit
  • Delete

Infrastructure as Code

ResourcePermissions
IACM Workspaces
  • View
  • Create/Edit
  • Delete
  • Create/Edit Variables
  • Delete Variables
  • Approve
  • Access State

Service Reliability

ResourcePermissions
SLO
  • View
  • Create/Edit
  • Delete
Monitored Services
  • View
  • Create/Edit
  • Delete
  • Toggle: Toggle Monitored Services on/off
Downtime
  • View
  • Create/Edit
  • Delete

Security Tests

ResourcePermissions
Issues
  • View
Scans
  • View
Test Targets
  • View
  • Create/Edit
Exemptions
  • View
  • Create/Edit
  • Approve/Reject
External Tickets
  • View
  • Create/Edit
  • Delete

Internal Developer Portal

ResourcePermissions
Plugins
  • View
  • Create/Edit
  • Toggle
  • Delete
Scorecards
  • View
  • Create/Edit
  • Delete
Layouts
  • View
  • Create/Edit
Catalog Access Policies
  • View
  • Create/Edit
  • Delete
Integrations
  • View
  • Create
  • Edit
  • Delete
Advanced Configurations
  • View
  • Create/Edit
  • Delete

Continuous Error Tracking

ResourcePermissions
Tokens
  • View
  • Create/Edit
  • Revoke
Critical Events
  • View
  • Create/Edit
  • Delete
Agents
  • View