Role-based permissions
Cloud Manager has pre-configured roles with appropriate permissions. For example, a developer develops code and has the permission to push the code to the Git repository. A business owner has different permissions allowing them to define the key performance indicators (KPIs) and approve deployments.
NOTEUser roles
Role management for Cloud Manager is done using the Admin Console. Any user of Cloud Manager must be a member of the customer’s IMS organization and have the Adobe Managed Services Product Context. Specific role memberships are provided by adding the user to a Cloud Manager product profile in the Admin Console.
To learn more about how to set up your roles, see Setting Up Users and Roles.
The following table lists the roles that you can assign in the Admin Console.
| Cloud Manager role | Description |
|---|---|
| Business Owner | The primary user who completes the initial Cloud Manager setup and is responsible for defining KPIs, approving production deployments, and overriding important 3-tier failures when necessary. |
| Content Author | The user generally does not interact with Cloud Manager, but may use the Cloud Manager program switcher (having navigated from Experience Cloud) to access Adobe Experience Manager (AEM). |
| Customer Success Engineer | The user primarily supports AMS customer success and engages with Cloud Manager to execute deployments. These deployments require oversight from an Adobe Customer Success Engineer (CSE). |
| Deployment Manager | The user manages the deployment operations using Cloud Manager to execute stage and production deployments, may approve important 3-tier failures when necessary, and has access to the Git repository. |
| Developer | The user develops and tests custom application code, primarily uses Cloud Manager to view deployment status, and has commit-access to the Git repository. |
| Program Manager | The user uses Cloud Manager to perform team setup, review status, view KPIs, and may approve important 3-tier failures when necessary. |
User permissions
Each of the roles has specific, associated preconfigured permissions. The following table lists the permissions available and the roles who can execute them.
| Permission | Description | Business Owner | Deployment Manager | Program Manager | Developer | CSE |
|---|---|---|---|---|---|---|
| Read the Application | Read program KPIs | x | x | x | x | x |
| Write Application | Program set up or edit | x | ||||
| Add Program | Add new program | x | ||||
| Read Environment | See environment details | x | x | x | x | x |
| Create Execution | Start pipeline | x | x | x | ||
| Read Execution | See execution status | x | x | x | x | x |
| Resume Execution | Ability to resume execution when paused | x | x | x | x | |
| Execution Approve Deploy to Production | Provide go-live approval | x | x | x | ||
| Execution Schedule Deploy to Production | Schedule production deployment | x | x | x | x | |
| Execution Deploy to Production | Deploy application to production when paused for CSE oversight | x | ||||
| Execution Cancel | Cancel current execution | x | ||||
| Execution Override Quality Gate Failures | Approve important quality gate failures | x | x | x | ||
| Pipeline Create | Set up / edit pipeline | x | ||||
| Pipeline Read | See pipeline details | x | x | x | x | x |
| Pipeline Write | Set up / edit pipeline | x | ||||
| Pipeline Modify Approval | Allows editing the Business Owner option | x | ||||
| Pipeline Modify Managed Deployment | Allows editing of the CSE oversight option | x | ||||
| Pipeline Delete | Allows pipeline deletion | x | ||||
| Step Read | See the step quality metrics results | x | x | x | x | x |
| Generate Personal Access Token | Access Git | x | x |
To learn more about how to set up your users, see Setting Up Users and Roles.
TIP
Experience Manager
