Roles are the recommended way to define user permissions and access (for teams with Deployment Teams and Automation Starter or above) to team-shared
org connections and jobs. Any team owner can configure roles for their team.
Put simply, a role is a collection of permissions that are required for a given duty that a team member may need to perform, plus a list of team members with those duties. For example, you might define two roles thus:
Role name | Permissions | Users |
Team A Developer | Pipeline A: View CI job A: Run CI job B: Run Org A: Deployment Org B: Deployment | Ada Bob Charles |
Team A Lead | Pipeline A: Edit CI job A: Edit CI job B: Edit | Ada |
Note: Roles and permissions are additive - if a team member has multiple roles (and/or directly assigned user permissions) then the highest permissions defined will be the ones that take effect, meaning that they can perform all the duties assigned to them. So in the example above, Ada not only has Deployment access to the orgs from membership of "Team A Developer", but also Edit access to the pipeline and CI jobs from membership of "Team A Lead", which overrides the View/Run access in "Team A Developer".
Working with roles is generally simpler and more flexible than assigning permissions directly to users. For example, in the scenario above, if Ada is unavailable, it is easy to temporarily assign the "Team A Lead" role to Bob so that they can act as the team lead. Another example would be to define a "Production Deployment" role that can be assigned to team members on an ad-hoc basis as and when required.
Configuring roles
To create, edit and delete roles, go to the Roles menu item in My Account. Here you will see details of any currently defined roles, and a button that allows you to create a new role:
Upon clicking Edit role
(or Create a new role
) you will be presented with a screen where you can set the role name and description, and define permissions that the role will grant to its users:
Selecting the Users
tab will allow you to choose which team members should be in this role:
Once you have updated the permissions and users, click Save role
to save your changes.
More information on permissions can be found here: