Security & Permissions

Permissions Page

The Permissions page is your your entry point to manage all Apwide Golive permissions. This page is accessible from the Settings menu on the Golive Page:

You must be Jira or Apwide administrator in order to access the Permissions Page and manage permissions.

Cannot view or create any environment?

By default, all permissions are granted to standard Jira groups (jira-administrators, jira-users, jira-software-users, jira-core-users and jira-servicedesk-users). If your user does not belongs to one of these defaults groups, you have to change the default setup in order to be able to view and to create environments.

For example if your user belongs to the group "my-company-group", you have to add this group to the roles that are created by default during app installation.

If your user does not belongs to at least 1 of the default roles your will not be able to view/create any environment.

Role Based Permissions

Golive security model is based on Roles. A Role is defined by a set of Jira Users or Groups that are allowed to do certain operations based on a list of Permissions.

When creating a Role you must specify :

  • the list of Permissions that are required by this role

  • the list of Jira users and/or groups who play this role

For example, you can create a new “Deployer” role with the “deploy” permission and associate it to all Jira users who should endorse the role of "Deployer".

Global Permissions

  • Ensure to select Global Permission in the left column

  • Click on Edit to add / remove permissions or user / groups to an existing Role

  • Click on Add Role button to create a new role

The following permissions are global and are shared by all Environments and Timelines. If a Jira user has one of the following permissions, he will be allowed to perform the allowed operations everywhere in Golive:

  • Manage Applications: allows users to create/update/delete applications

  • Manage Categories: allows users to create/update/delete environment categories

  • Manage Calendars: allows users to create/update/delete environment calendars

  • Plan Events: allows users to schedule Events on the Timeline (this permission includes the “Plan Events” Environment Permission for all Environments)

  • Share Timelines: allows users to share their own timelines with other users

  • Apwide Administrator: allows non Jira Administrators to access all Golive administration features:

    • Jira Project Mapping (note that project associations can also be done by projects' administrators)

    • Environment Statuses

    • Attributes and Custom Properties

    • Security & Permissions

Warning

Jira Administrators have the same permissions as Apwide Administrators by default, you do not have to grant them Apwide Administrator permission.

Environment Permissions

If you have a subset of Environments that should be managed by a dedicated team of users and which required specific permissions, you must create a new Environment Permission Scheme. An Environment Permission Scheme allows you to group Environments that share the same lifecycle/owners. Each Environment belongs to only ONE Environment Permissions Scheme. You can define as many different Environment Permission Schemes as you need.

For example, in some companies, the development and integration environments are managed directly by the development and testing team and staging and pre-production environment are managed by a dedicated System or Middleware team.

Another use case would be to avoid showing the full list of environments for a group of users that only works on a limited number of applications and environments.

An Environment Permission is a set of operations that can be granted by Roles belonging to an Environment Permission Scheme.

Available Environment Permissions that can be different for different subsets of Environments:

  • Browse Environments: allows users to view the Environment

  • Edit Environments: allows users to edit an existing Environment.

  • Create and Delete Environments: allows users to create/delete Environments and also include Environment edition.

  • Deploy Version: allows users to change the deployed version of an Environment

  • Change Status: allows users to change the status of an Environment

  • Manage Deployments: allows users to delete/create new deployment at any date in the past

  • View Secured Attributes: allows users to view secured attributes value (more information about secured attributes: Environment Attributes)

  • Edit Secured Attributes: allows users to view and modify secured attributes value (more information about secured attributes: Environment Attributes)

  • Plan Events: allows users to schedule Events linked to an Environment (the “Plan Events” Global Permission includes the “Plan Events” Environment Permission for all Environments)

Public Environment Gadgets

It is possible to give access to Golive gadgets and Environments data to anonymous users who do are not logged in Jira.

Giving the "Browse Environments" permission to the "Anyone" team will make the Environment information public. It will then be possible to display Environment Gadgets on the Jira System Dashboard and in Confluence pages publicly accessible.

Potential Security Breach!

Never let Anyone access to sensitive data of your Environments as they become available to everyone who can reach your Jira base url.