README: Here is the permissions breakdown with the schema for each resource.
PRO-TIP: If it would be easier to put the permissions in a separate view while filling out the survey instead of scrolling, here is a markdown version to view in a separate screen.
Project Planning PermissionsManage: CRUD operations on work items including epics, issues, OKRs, boards, labels, milestones, iterations, and wiki along with managing settings
Write: Ability to create and update epics, issues, OKRs, and tasks. Set up iterations, milestones and wikis. Edit and transition work items on the board
View: Ability to view epics and issues along with associated metadata
Delete: Ability to delete work items including epics, issues, OKRs, boards, labels, milestones, iterations, and wikis
Repository Permissions
Manage: CRUD operations on code, MRs, protected tags, protected branches, branch protection, push rules, and forks. Settings include repository, MR configurations, and approval rules
Write: Ability to push code, create branches, tags, and run pipelines. Open and contribute to MRs.
View: Ability to view code, MRs, branches, tags, and commit status
Delete: Ability to delete unprotected branches, unprotected tags
Package Permissions
Manage: CRUD Operations on objects including Registries, Proxy, Cleanup Policies along with managing the settings.
Write: Ability to push a container, package, or terraform module to registry
View: Ability to view, retrieve, and pull registry objects and metadata on repositories and images
Delete: Ability to delete registry objects and metadata
CI/CD - General Permissions
Manage - Ability to manage settings including Protected Environments, Secure Files, Artifacts, Rollbacks, Deploy Freezes, CI_JOB_TOKEN access, Pipeline Tokens, and Pipeline Subscriptions
Write: Ability to retry jobs, cancel jobs. Ability to stop environments.
View: Ability to view pipelines, jobs, job logs, artifacts, environments, pipeline editor, Secure files and terraform state files.
Delete: Ability to delete pipelines, jobs, artifacts environments, and terraform state files.
CI/CD - Variable Permissions
Manage: CRUD operations on CI/CD Variables
Write: Ability to add or update variables
View: Ability to view variables
Delete: Ability to delete variables
CI/CD - Runner Permissions
Manage: CRUD Operations including ability to register, remove, view Runner fleet along with managing Runner settings
Write: Ability to register a Runner and clear cache.
View: Ability to view Runner fleet
Delete: Ability to delete a Runner
CI/CD - Agent Permissions
Manage: CRUD Operations on Kubernetes Agents along with managing the settings
Write: Ability to deploy to a cluster
View: Ability to view clusters and resources
Delete: Ability to delete an agent
Application Security Permissions
Manage: CRUD Operations on vulnerabilities, security policies and linking, along with security configurations for SAST and DAST
Write: Ability to create a security policy. Ability to manually create a vulnerability
View: Ability to view vulnerabilities, dependencies, and dashboard
Delete: Delete security policies and links. Remove security configurations
Compliance Permissions
Manage: CRUD operations on compliance frameworks, license scanning exceptions, and associated settings.
Write: Ability to assign a framework to a project
View: Ability to view adherence report and audit events
Delete: Ability to delete a framework
Analytics Permissions
Manage: CRUD operations on analytics view along with ability to change settings
Write: Ability to add and update a dashboard
View: Ability to view all analytic dashboards
Delete: Ability to delete dashboards
Monitoring Permissions
Manage: CRUD operations for error tracking, alerts, incident management, and status page along with managing respective settings
Write: Ability to contribute to discussions on errors, alerts, and incidents
View: Ability to view errors, alerts, incidents, and status page
Delete: Ability to delete errors, alerts, and incidents
User Management Permissions
Manage: CRUD operations on users and custom roles. Also ability to manage application settings include SAML SSO Setup, SAML Linking, Domain Verification
Write: Ability to add a member
View: Ability to view members
Delete: Ability to remove a member
Group Permissions
Manage: Ability to manage general group settings including visibility and group features such as applications, integrations, webhooks, access tokens, and billing. Also ability to export, change path, or transfer group
Delete: Ability to delete a group
Project Permissions
Manage: Ability to manage general project settings including visibility and project features such as integrations, webhooks, and access tokens. Also ability to export, change path, or transfer project
Write: Ability to comment on project objects including MRs, epics, issues, and designs
Delete: Ability to delete or archive a project