For teams using team-shared resources, granular control over what access each user has to each resource is a useful facility. We have introduced the ability to control access to team-shared orgs and CI jobs and will be expanding this to other resources. This feature is currently available for all customers using Deployment Teams plus Automation Starter licenses or above.
Important things to know
Existing team-shared CI jobs retain their existing permissions, but permissions are now updated through the new Team Management console (see below).
Any new team-shared CI jobs that are created by teams with access to this feature will by default have no access granted to any team members other than owners.
Assigned team-shared CI job permissions are no longer dependent on permissions on the associated Salesforce org.
โUser-owned resources are unaffected.
CI job permission levels
Levels of access for CI jobs are:
Edit - This allows users to edit the CI job, allowing users to edit the metadata filters etc. As well as run the job.
Run - This allows users to run the CI job. If the CI job is in a pipeline, this setting would allow users to promote the PR within the pipeline.
None - This setting means that users cannot run the CI job or edit the job settings.
Note: By assigning Run
access to a CI job for a team member, you're essentially giving that member a permission to run the job and deploy - that is regardless of org access permissions settings in Delegate org access section.
โ
FYI: You can read more about the org access permission in this article: Sharing org credentials with team members
Setting permissions
As a team owner, you can change permissions by:
Changing a user's permissions
In the My account
menu, select Team management -> People -> Users
(or directly through this link; similarly you can open this link to access My Profile
tab).
This will present a list of all the users in your team:
Selecting a team member on this screen will display the team-shared orgs and CI jobs that they currently have access to:
Setting team-shared org permissions
Selecting Edit access to team shared orgs
will bring you to the org permission screen.
In the Current Team shared Orgs
tab you can change permissions to orgs that the user already has access to:
In the Delegate access to other Orgs
tab you can grant permissions to orgs that the user currently has no access to. To grant a permission across many orgs at once, there is a bulk assign feature as well:
Setting team-shared CI job permissions
Selecting Edit access to pipelines & CI jobs
will bring you to the CI job permission screen. Here you can set a user's permission level to Edit
, Run
or None
for each job.
In the Current pipelines & CI jobs
tab you can change permissions to CI jobs that the user already has access to. These are grouped into jobs that are part of a pipeline and those that are standalone:
In the Delegate access to other pipelines & CI jobs
tab you can grant permissions to CI jobs that the user currently has no access to. To grant a permission across many CI jobs at once, there is a bulk assign feature as well:
Setting user permissions on a team-shared org
To set user permissions on a specific org, in the My account
menu, select Team management -> Permissions -> Orgs
(or directly through this link).
Selecting any org in the list will bring you to the permission screen of the org, which also lists CI jobs connected to the org.
The users table lists the users who have access to the org along with their access levels. You can add or remove users and change their permissions for the org by selecting Edit users & access for this org
:
Setting user permissions on a CI job
To set user permissions on a specific CI job, in the My account
menu, select Team management -> Permissions -> Pipelines & continuous integration (CI)
(or directly through this link).
This page lists team-shared pipelines, and also any CI jobs that are not connected to a pipeline.
Selecting any pipeline in the list will bring you to the permission screen of the pipeline.
This page shows user pipeline permissions (read-only) and the CI jobs connected to this pipeline.
You can expand any CI job in the list to see users' permissions on the job. Add or remove users and change their permissions for the org by selecting Edit users & access for this CI job
: