Global Permissions
This topic provides an overview of global permissions in Release and their relationship to users and roles.
Understanding Users, Roles, and Permissions
Users, roles, and permissions form the core of Release’s access control model. This section explains what each element is and how they work together in Release.
What are Users?
A user is an individual who can log in to Release with valid credentials. Username acts as a unique identifier for the user. Authentication ensures that only authorized users can access the system.
For more information on creating and managing users, see Configure user settings.
What are Roles?
A role is a way to group users who need similar access. Instead of giving permissions to each user one by one, you assign permissions to a role and then add users to that role. This makes managing access easier and more consistent.
For more information, see Configure roles.
What are Permissions?
A permission defines what actions a user can perform in Release. Permissions control access to specific features, operations, and areas of the application.
Permissions are not assigned directly to users. Instead, they are assigned to roles, and users inherit permissions through the roles they belong to.
To perform an action, a user must be part of a role that includes the required permissions.
Permissions help organizations:
- Give users only the access they need to do their work.
- Protect sensitive data and functionality.
- Manage access consistently across teams.
Release also supports fine-grained permissions, including global permissions that apply across the entire system. This ensures that administrators can tightly control access where needed while still enabling efficient workflows for all users.
The Permissions Page
The Permissions page in Users and Permissions is visible only to users with the Admin or Edit Security global permission.
To view the Permissions Page, navigate to Settings > Users and permissions > Permissions.
Available Permissions
The following global permissions are available:
| Permission | Description |
|---|---|
| Admin | All permissions. Only visible to users logged in as Admin. Non-admin users cannot assign this permission to themselves or others. |
| Login | Provides the capability to allow or restrict the users who can log in to the Digital.ai Release application. |
| Edit security | Access to the Roles and Permissions pages and permission to edit security on releases and templates. |
| Create template | Create a new template. Note: This permission also includes global triggers. |
| Create release | Create a release from any template. Additionally, see the Create Release template permission. |
| View Reports and Digital.ai Analytics | View global and analytics dashboards. |
| Audit data | Read-only permission for data access and view audit reports. This permission is tied to the Digital.ai Analytics Service User role. |
| Create Custom dashboards | Create, edit, or delete a custom dashboard. |
| Edit global variables | Edit global variables (available in Release 4.8.0 and later). |
| Create top level folders | Create folders. |
| Edit blackout periods | Create, edit, or delete a blackout period. |
| Edit risk profiles | Create, edit, or delete a risk profile. |
| Edit environments | Create, edit or delete an environment. Permission is required to create stages and create environment labels. |
| Edit applications | Create, edit, or delete an application. |
| Edit environment reservations | Access the scheduling pages, make a schedule, or reserve an environment. |
| Edit runner | Allows users to edit and runner configurations. When granted, this permission enables the Edit and Delete options for runners in the runner list. |
| View runner | Allows users to access the Runners page in  > Runners. |
Assign Global Permissions
- On the Permissions page, you can view the list of permissions in the Action column and the roles assigned to each permission in the Roles column.
- To assign a role to a permission, type part of the role name in the Roles column. Matching roles appear in a dropdown list.
- Select the appropriate role from the list. You can assign multiple roles to the same permission.
- Click Save to apply your changes.
Click Reset to discard your changes and reload the current settings from the server.
Filter Permissions and Roles
You can use the Action and Roles search boxes to filter your permissions and roles respectively. This filtering becomes very helpful when you have multiple number of permissions.
Folder, Template, and Release Level Permissions
In addition to global security, you can enforce security on the folder, template, and release level. For more information, see Configure Teams and Permissions.
Login Permission
The Release role-based access control is equipped with a dedicated login permission to simplify the security configuration by allowing only users with a specific role to login to Release.
You no longer have to exclude OIDC or LDAP users using the user search filter. To restrict login only to specific roles, you can assign the roles to the new Login permission.
If you don't have a role assigned to the Login permission, then you will see the following screen when you try to log in to the Release application.
