Custom permissions custom-permissions
Discover how to set up tailored permission profiles in Cloud Manager. You can configure specific access controls for programs, pipelines, and environments, giving you granular control over what each user can do.
Introduction introduction
Cloud Manager has a set of pre-defined roles that govern access to various Cloud Manager features:
- Business Owner
- Program Manager
- Deployment Manager
- Developer
Custom permissions let users create custom permission profiles with configurable permissions to restrict access for Cloud Manager users to programs, pipelines, and environments.
Use custom permissions using
Creating and using your own custom permissions requires the following three steps:
Create a product profile create
-
Log into Cloud Manager at my.cloudmanager.adobe.com.
-
On the Cloud Manager landing page, click Manage Access.
-
In the Admin Console, click New profile.
-
Provide the general details about the profile.
- Product profile name - A descriptive name for the profile
- Display name - An abbreviated name that is shown in the UI (options)
- Description - An informative description of the profile explaining its purpose (optional)
- Notify users by email - Users receive an email notification when they are added to or removed from this profile.
-
Click Save.
The new product profile is saved and is visible in the list of product profiles in the Admin Console.
Assign custom permissions to the product profile assign-permissions
-
In the Admin Console, click the name of the new product profile you created.
-
In the Custom Profile page, click the Permissions tab.
-
In the row of a permission name, click Edit.
-
In the Edit permissions for Custom Profile dialog box, do one of the following:
-
Near the top of the Available permissions items column, click
-
To add a single permission to the Included permission items column, click its associated
-
-
Click Save.
Assign users to the product profile assign-users
-
In the Admin Console, click the name of the new product profile to which you assigned custom permissions.
-
In the window that opens, click the Users tab.
-
Click Add Users and assign users to the product profile with custom permissions.
In Manage product profiles for enterprise users, see Add users and user groups to a product profile for more details on how to use the Admin Console.
Configurable permissions configurable-permissions
The following permissions are available when you create a custom product profile.
Program CreateProgram AccessProgram EditEnvironment CreateEnvironment EditEnvironment Logs ReadEnvironment Variables ManageEnvironment Restore CreateRapid Development Environment ResetContent Copy ManagePipeline CreatePipeline DeletePipeline EditProduction Deployments Approve/RejectPipeline Executions CancelPipeline Executions StartOverride/Reject Important Metric FailuresProduction Deployments ScheduleRepository Info AccessRepository CreateRepository DeleteRepository EditRepository Code GenerateDomain Name ManageIP Allowlist ManageNetwork Infrastructure ManageSSL Certificate ManageNew Relic Sub Account User ManageOrganization-level permissions organization-level
Organization-level permissions refer to permissions which are always given across all programs in an organization.
The following permissions are organization-level permissions:
-
Program Create- This permission lets users create a program in the organization. -
Repository Info Access - This tenant/organization level permission allows users to generate a username, password, and repository URL for accessing and contributing to a customer project.
- The username and password for repository access are common across all the repositories in the organization. However, the repository URL is unique to each program.
- See Accessing Repositories for more information.
Terms terms
The following terms are used in creating and managing custom permissions and pre-defined roles.
Permission items refer to the scope where permissions are applied. Typically, it is one of the following.
Usage notes usage-notes
- A custom permissions profile also lists AMS programs, environments, and pipelines while configuring permissions.
- Resources like program, environment, and pipeline that were created in Cloud Manager may take several minutes to display in Admin Console for permission configuration.
- In rare scenarios where a custom permissions service fails to respond, predefined profiles are still available and users in predefined profiles still have appropriate access.
Frequently asked questions faq
Which permission profiles are predefined permission profiles?
- Business Owner
- Program Manager
- Deployment Manager
- Developer
For details on pre-defined roles, see AEM as a Cloud Service Team and Product Profiles.
What happens to predefined permission profiles with the introduction of custom profiles?
Default product profiles and Cloud Manager roles continue to work the same as before.
Can I edit predefined permission profiles?
No. Default profiles are non-editable. You cannot add or remove permissions from the default permission profile. You can only add or remove users from predefined profiles.
Should I delete predefined permission profiles since custom profiles are now available?
Do not delete predefined permission profiles from the Admin Console.
Can I add users to multiple permission profiles?
Yes. A user can be part of multiple profiles including predefined and custom permission profiles. When a user is assigned to multiple profiles, the combined permissions from all the assigned permission profiles are available to that user.
What happens if a user has permission to edit an environment/pipeline but doesn’t have access to a program which contains the environment/pipeline?
The user is unable to access the environment or pipeline if they do not have the Program Access permissions containing the environment or pipeline.