All Collections
Team management
Team collaboration
Team collaboration
User permissions for team-shared orgs, CI jobs and Pipelines
User permissions for team-shared orgs, CI jobs and Pipelines

Setting user permissions on team-shared resources

Mark Allan avatar
Written by Mark Allan
Updated over a week ago

For teams using team-shared resources, granular control over what access each user has to each resource is a useful facility. We have introduced the ability to control access to team-shared orgs and CI jobs and will be expanding this to other resources. This feature is currently available for all customers using Deployment Teams and Automation Teams licenses or above.

Important things to know

  • Existing team-shared CI jobs retain their existing permissions, but permissions are now updated through the new Team Management console (see below).

  • Any new team-shared CI jobs that are created by teams with access to this feature will by default have no access granted to any team members other than owners.

  • Assigned team-shared CI job permissions are no longer dependent on permissions on the associated Salesforce org.
    โ€‹

  • User-owned resources are unaffected.

Changing a user's permissions to team-shared resources

As a team owner, in the My account menu, select Team management -> People -> Users (or directly through this link; similarly you can open this link to access My Profile tab).

This will present a list of all the users in your team:

Selecting a team member on this screen will display the team-shared orgs and CI jobs that they currently have access to:

Setting team-shared org permissions

Selecting Edit access to team shared orgs will bring you to the org permission screen.

In the Current Team shared Orgs tab you can change permissions to orgs that the user already has access to:

In the Delegate access to other Orgs tab you can grant permissions to orgs that the user currently has no access to. To grant a permission across many orgs at once, there is a bulk assign feature as well:

Setting team-shared CI job permissions

Selecting Edit access to pipelines & CI jobs will bring you to the CI job permission screen. Here you can set a user's permission level to Edit, Run or None for each job.

Levels of access

  • Edit - This allows users to edit the CI job, allowing users to edit the metadata filters etc. As well as run the job.

  • Run - This allows users to run the CI job. If the CI job is in a pipeline, this setting would allow users to promote the PR within the pipeline.

  • None - This setting means that users cannot run the CI job or edit the job settings.

In the Current pipelines & CI jobs tab you can change permissions to CI jobs that the user already has access to. These are grouped into jobs that are part of a pipeline and those that are standalone:

Note: By assigning Run access to a CI job for a team member, you're essentially giving that member a permission to run the job and deploy - that is regardless of org access permissions settings in Delegate org access section.
โ€‹
FYI: You can read more about the org access permission in this article: Sharing org credentials with team members

In the Delegate access to other pipelines & CI jobs tab you can grant permissions to CI jobs that the user currently has no access to. To grant a permission across many CI jobs at once, there is a bulk assign feature as well:

Related Articles
Sharing org credentials with team members
Minimum permissions needed to set up Gearset pipelines
Team-shared CI jobs
Converting a CI job to a team-shared CI job
Converting a pipeline to a team-shared pipeline
Did this answer your question?