vRealize Automation Code Stream provides several ways to ensure that users have the appropriate authorization and consent to work with pipelines that release your software applications.
Each member on a team has an assigned role, which gives specific permissions on pipelines, endpoints, and dashboards, and the ability to mark resources as restricted.
User operations and approvals allow you to control when a pipeline runs and must stop for an approval. Your role determines whether you can resume a pipeline, and run pipelines that include restricted endpoints or variables.
Use secret variables to hide and encrypt sensitive information. Use restricted variables for strings, passwords, and URLs that must be hidden and encrypted, and whose use in executions must be restricted. For example, use a secret variable for a password or URL. You can use secret and restricted variables in any type of task in your pipeline.
What are Roles in vRealize Automation Code Stream
Depending on your role in vRealize Automation Code Stream, you can perform certain actions and access certain areas. For example, your role might allow you to create, update, and run pipelines. Or, you might only have permission to view pipelines.
All - restricted means this role has permission to perform create, read, update, and delete actions on entities except for restricted variables and endpoints.
|vRealize Automation Code Stream Roles|
|vRealize Automation Code Stream service level access||All Actions||All - restricted||Execution actions||Read only||None|
|Project level access: Project Admin||All Actions||All - restricted||All - restricted||All - restricted||All - restricted|
|Project level access: Project Member||All Actions||All - restricted||All - restricted||All - restricted||All - restricted|
|Project level access: Project Viewer||All Actions||All - restricted||Execution actions||Read only||Read only|
Users who have the Service Viewer role can see all the information that is available to the administrator. They cannot take any action unless an administrator makes them a project administrator or a project member. If the user is affiliated with a project, they have the permissions related to the role. The Project Viewer role does not extend their permissions the way that the Project Admin or Project Member role does. This role is read-only across all projects.
|Permission||Administrator role||Developer role||Executor role||Viewer role||User role|
|Pipelines: Run pipelines that include restricted endpoints or variables.||Yes|
|Pipeline executions: View||Yes||Yes||Yes||Yes|
|Pipeline executions: Resume, pause, cancel||Yes||Yes||Yes|
|Pipeline executions: Resume pipelines that stop for approval on restricted resources.||Yes|
|Custom integrations: Create||Yes||Yes|
|Custom integrations: Read||Yes||Yes|
|Custom integrations: Update||Yes||Yes|
|Endpoint or variable: Mark as restricted||Yes|
If you have the Administrator role
As an administrator, you can create integration endpoints, triggers, new pipelines, and dashboards.
Projects allow pipelines to access infrastructure resources. Administrators create projects so that users can group pipelines, endpoints, and dashboards together. Users then select the project in their pipelines. Each project includes an administrator and users with assigned roles.
With the Administrator role, you can mark endpoints and variables as restricted resources in a pipeline, and you can run pipelines that use restricted resources. A restricted endpoint or variable that a pipeline uses requires an approval to keep the pipeline running. Otherwise, the pipeline stops at the task where the restricted variable is used until approval is granted, at which point an administrator must resume the pipeline to run. When a pipeline task includes a restricted resource, the task in the pipeline displays an icon that indicates the resource is restricted.
As an administrator, you can also request that pipelines be published in vRealize Automation Service Broker.
If you have the Developer role
You can work with pipelines like an administrator can, except that you cannot work with restricted endpoints or variables.
If you run a pipeline that uses restricted endpoints or variables, the pipeline only runs up to the task that uses the restricted resource. Then, it stops. You must then get approval for the pipeline task, and have an administrator resume the pipeline.
If you have the User role
You can access vRealize Automation Code Stream, but you do not have any of the privileges that the other roles provide.
If you have the Viewer role
You can see pipelines, endpoints, pipeline executions, and dashboards, but you cannot create, update, or delete them.
A user who also has the Service Viewer role can see all the information that is available to the administrator. They cannot take any action unless you make them a project administrator or a project member. If the user is affiliated with a project, they have the permissions related to the role. The Project Viewer role does not extend their permissions the way that the Project Admin or Project Member role does.
If you have the Executor role
You can run pipelines and take action on user operation tasks. You can also resume, pause, and cancel pipeline executions. But, you cannot modify pipelines.
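The restricted-resource gate described in the Administrator and Developer sections can be modeled as a small state machine. This is an added example, not VMware code or an API of the product: the role names come from this page, while the class names, status strings, and the sample pipeline are hypothetical.

```python
from dataclasses import dataclass

# Role names come from the page; the capability sets encode only what its
# role descriptions state. All other identifiers here are hypothetical.
CAN_RUN = {"Administrator", "Developer", "Executor"}
CAN_USE_RESTRICTED = {"Administrator"}  # run with / resume on restricted resources

@dataclass
class Task:
    name: str
    resources: tuple = ()    # endpoint and variable names the task references

@dataclass
class Execution:
    tasks: list
    restricted: set          # names an administrator marked as restricted
    position: int = 0        # index of the next task to run
    status: str = "NOT_STARTED"

    def _advance(self, role):
        """Run tasks in order; halt before a restricted one unless the role may use it."""
        while self.position < len(self.tasks):
            task = self.tasks[self.position]
            if self.restricted & set(task.resources) and role not in CAN_USE_RESTRICTED:
                self.status = "WAITING_FOR_APPROVAL"
                return self.status
            self.position += 1
        self.status = "COMPLETED"
        return self.status

    def run(self, role):
        if role not in CAN_RUN:
            raise PermissionError(f"{role} role cannot run pipelines")
        return self._advance(role)

    def resume(self, role, approved):
        """Resuming past a restricted resource needs approval and an administrator."""
        if self.status != "WAITING_FOR_APPROVAL":
            raise RuntimeError("execution is not waiting for approval")
        if not approved or role not in CAN_USE_RESTRICTED:
            raise PermissionError("approval and an administrator are both required")
        return self._advance(role)

def demo_pipeline():
    # Constructed sample: the deploy task references a restricted variable.
    tasks = [Task("build"), Task("deploy", ("prod_password",)), Task("notify")]
    return Execution(tasks, restricted={"prod_password"})
```

A Developer or Executor run of `demo_pipeline()` halts before `deploy`; only an approved resume by an Administrator carries it through `notify`.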
How do I assign and update roles
To assign and update roles for other users, you must be an administrator.
- To see the active users and their roles, in vRealize Automation, click the nine dots at the upper-right.
- Click Identity & Access Management.
- To display user names and roles, click Active Users.
- To add roles for a user, or change their roles, click the check box next to the user name, and click Edit Roles.
- When you add or change user roles, you can also add access to services.
- To save your changes, click Save.