For teams using team-shared resources, granular control over what access each user has to each resource is a useful facility. We have introduced the ability to control access to team-shared orgs and CI jobs and will be expanding this to other resources. This feature is currently available for all customers using Deployment Teams and Automation Teams licenses or above.
Important things to know
Existing team-shared CI jobs retain their existing permissions, but permissions are now updated through the new Team Management console (see below).
Any new team-shared CI jobs that are created by teams with access to this feature will by default have no access granted to any team members other than owners.
Assigned team-shared CI job permissions are no longer dependent on permissions on the associated Salesforce org.
โUser-owned resources are unaffected.
Changing a user's permissions to team-shared resources
As a team owner, in the My account
menu, select Team management -> People -> Users
(or directly through this link; similarly you can open this link to access My Profile
tab).
This will present a list of all the users in your team:
Selecting a team member on this screen will display the team-shared orgs and CI jobs that they currently have access to:
Setting team-shared org permissions
Selecting Edit access to team shared orgs
will bring you to the org permission screen.
In the Current Team shared Orgs
tab you can change permissions to orgs that the user already has access to:
In the Delegate access to other Orgs
tab you can grant permissions to orgs that the user currently has no access to. To grant a permission across many orgs at once, there is a bulk assign feature as well:
Setting team-shared CI job permissions
Selecting Edit access to pipelines & CI jobs
will bring you to the CI job permission screen. Here you can set a user's permission level to Edit
, Run
or None
for each job.
Levels of access
Edit - This allows users to edit the CI job, allowing users to edit the metadata filters etc. As well as run the job.
Run - This allows users to run the CI job. If the CI job is in a pipeline, this setting would allow users to promote the PR within the pipeline.
None - This setting means that users cannot run the CI job or edit the job settings.
In the Current pipelines & CI jobs
tab you can change permissions to CI jobs that the user already has access to. These are grouped into jobs that are part of a pipeline and those that are standalone:
Note: By assigning Run
access to a CI job for a team member, you're essentially giving that member a permission to run the job and deploy - that is regardless of org access permissions settings in Delegate org access section.
โ
FYI: You can read more about the org access permission in this article: Sharing org credentials with team members
In the Delegate access to other pipelines & CI jobs
tab you can grant permissions to CI jobs that the user currently has no access to. To grant a permission across many CI jobs at once, there is a bulk assign feature as well: