Permissions reference

This topic describes permissions relevant to RBAC in Harness. For API permissions, go to the API permissions reference.

Administrative Functions

Resource	Permissions
Resource Groups	View (core_resourcegroup_view) Create/Edit (core_resourcegroup_edit) Delete (core_resourcegroup_delete)
Account Settings	Available at the account scope only. View (core_setting_view) Edit (core_setting_edit)
Default Settings	Create/Edit
Projects	View (core_project_view) Create (core_project_create) Edit (core_project_edit) Delete (core_project_delete)
User Groups	View (core_usergroup_view) Manage: Create, edit, and delete user groups (core_usergroup_manage)
Service Accounts	View (core_serviceaccount_view) Create/Edit (core_serviceaccount_edit) Delete (core_serviceaccount_delete) Manage: Create, edit, and delete API keys and tokens for service accounts (core_serviceaccount_manageapikey)
Organizations	Available at the account and org scopes only. View (core_organization_view) Create (core_organization_create) Edit (core_organization_edit) Delete (core_organization_delete)
Roles	View (core_role_view) Create/Edit (core_role_edit) Delete (core_role_delete)
Streaming Destination	Available at the account scope only. View (core_streamingDestination_view) Create/Edit (core_streamingDestination_edit) Delete (core_streamingDestination_delete)
Users	View (core_user_view) Manage: Edit and delete users (core_user_manager) Invite: Add users by inviting them to Harness (core_user_invite)
Authentication Settings	Available at the account scope only. View (core_authsetting_view) Create/Edit (core_authsetting_edit) Delete (core_authsetting_delete)

Environment Groups

Resource	Permissions
Environment Groups	View (core_environmentgroup_view) Create/Edit (core_environmentgroup_edit) Delete (core_environmentgroup_delete) Access: Can access referenced environment groups at runtime (core_environmentgroup_access)

Environments

Resource

Permissions

Environments

View (core_environment_view) Create/Edit (core_environment_edit) Delete (core_environment_delete) Access: Can access referenced environments at runtime (core_environment_access) Rollback (core_environment_rollback) View FF SDK Key: View Feature Flag environment key (ff_environment_apiKeyView) Create FF SDK Key: Create Feature Flag environment key (ff_environment_apiKeyCreate) Delete FF SDK Key: Delete Feature Flag environment key (ff_environment_apiKeyDelete)

Pipelines

Resource	Permissions
Pipelines	View (core_pipeline_view) Create/Edit (core_pipeline_edit) Delete (core_pipeline_delete) Execute: Initiate pipeline runs (core_pipeline_execute) Abort Pipeline (core_pipeline_abort)

Services

Resource	Permissions
Services	View (core_service_view) Create/Edit (core_service_edit) Delete (core_service_delete) Access: Can access referenced services at runtime (core_service_access)

Shared Resources

Resource	Permissions
Templates	View (core_template_view) Create/Edit (core_template_edit) Delete (core_template_delete) Access: Can access referenced templates at runtime (core_template_access) Copy (core_template_copy)
Deployment Freeze	Manage (core_deploymentfreeze_manager) Override (core_deploymentfreeze_override) Global (global)
Secrets	View (core_secret_view) Create/Edit (core_secret_edit) Delete (core_secret_delete) Access: Can access referenced secrets at runtime (core_secret_access)
Connectors	View (core_connector_view) Create/Edit (core_connector_edit) Delete (core_connector_delete) Access: Can access referenced connectors at runtime (core_connector_access)
Variables	View (core_variable_view) Create/Edit (core_variable_edit) Delete (core_variable_delete)
Files	View (core_file_view) Create/Edit (core_file_edit) Delete (core_file_delete) Access (core_file_access)
Dashboards	View (core_dashboards_view) Manage (core_dashboards_edit)
Delegate Configurations	View (core_delegateconfiguration_view) Create/Edit (core_delegateconfiguration_edit) Delete (core_delegateconfiguration_delete)
Delegates	View (core_delegate_view) Create/Edit (core_delegate_edit) Delete (core_delegate_delete)

Policies

Resource	Permissions
Governance Policies	View (core_governancePolicy_view) Edit (core_governancePolicy_edit) Create (core_governancePolicy_create) Analyse Access Policies(core_accessPolicies_analyze) Delete (core_governancePolicy_delete)
Governance Policy Sets	View (core_governancePolicySets_view) Edit (core_governancePolicySets_edit) Create (core_governancePolicySets_create) Delete (core_governancePolicySets_delete) Evaluate (core_governancePolicySets_evaluate)

Discovery

Resource	Permissions
Network Map	View (servicediscovery_networkmap_view) Create (servicediscovery_networkmap_create) Edit (servicediscovery_networkmap_edit) Delete (servicediscovery_networkmap_delete)

Supply Chain Assurance

Resource	Permissions
Remediation Tracker	View (ssca_remediationtracker_view) Create/Edit (ssca_remediationtracker_edit) Close (ssca_remediationtracker_close)

Webhooks

Resource	Permissions
Webhooks	View (core_gitxWebhooks_view) Create/Edit (core_gitxWebhooks_edit) Delete (core_gitxWebhooks_delete)

Input Sets

Resource	Permissions
Input Sets	View Input Set (core_inputset_view) Create/Edit Input Set (core_inputset_edit) Delete Input Set(core_inputset_delete)

Module-specific permissions

Chaos Engineering

Resource	Permissions
Chaos Infrastructure	View (chaos_chaosinfrastructure_view) Create/Edit (chaos_chaosinfrastructure_edit) Delete (chaos_chaosinfrastructure_delete)
Chaos Gameday	View (chaos_chaosgameday_view) Create/Edit (chaos_chaosgameday_edit) Delete (chaos_chaosgameday_delete)
Chaos Hub	View: View Chaos experiments and Chaos scenarios (chaos_chaoshub_view) Create/Edit: Connect to ChaosHub Git repo (chaos_chaoshub_edit) Delete: Disconnect ChaosHub Git repo (chaos_chaoshub_delete)
Chaos Experiment	View (chaos_chaosexperiment_view) Create/Edit (chaos_chaosexperiment_edit) Delete (chaos_chaosexperiment_delete) Execute (chaos_chaosexperiment_execute)

Cloud Cost Management

Resource	Permissions
Currency Preferences	View (ccm_currencyPreference_view) Create/Edit (ccm_currencyPreference_edit)
Overview	View (ccm_overview_view)
Cost Categories	View (ccm_costCategory_view) Create/Edit (ccm_costCategory_edit) Delete (ccm_costCategory_delete)
Folders	View (ccm_folder_view) Create/Edit (ccm_folder_edit) Delete (ccm_folder_delete)
Perspectives	View (ccm_perspective_view) Create/Edit (ccm_perspective_edit) Delete (ccm_perspective_delete)
AutoStopping Rules	View (ccm_autoStoppingRule_view) Create/Edit (ccm_autoStoppingRule_edit) Delete (ccm_autoStoppingRule_delete)
Budgets	View (ccm_budget_view) Create/Edit (ccm_budget_edit) Delete (ccm_budget_delete)
Load Balancer	View (ccm_loadBalancer_view) Create/Edit (ccm_loadBalancer_edit) Delete (ccm_loadBalancer_delete)

Code Repository

Resource

Permissions

Repository

View (code_repo_view) Create/Edit (Create repositories and edit repository settings, such as descriptions, webhooks, and rules) (code_repo_edit) Delete (code_repo_delete) Push (Repository contributor permissions, such as committing, pushing, creating/deleting branches, creating/deleting tags) (code_repo_push) Report commit check : Report a Status Check Result on a Commit (code_repo_reportCommitCheck) Review PR: Review Pull Requests in a Code Repository (code_repo_review)

Feature Flags

Resource	Permissions
Feature flags	View (ff_featureflag_view) Toggle: Turn Feature Flags on/off (ff_featureflag_toggle) Create/Edit Flag (ff_featureflag_edit) Edit Rule (ff_featureflag_rulesEdit) Edit Configuration (ff_featureflag_configEdit) Delete (ff_featureflag_delete)
Target Management	View: View Targets and Target Groups (ff_targetgroup_view) Create/Edit: Create and edit Targets and Target Groups to control visibility of a variation of a Feature Flag (ff_targetgroup_edit) Delete: Delete Targets and Target Groups (ff_targetgroup_delete)

GitOps

Resource	Permissions
Clusters	View (gitops_cluster_view) Create/Edit (gitops_cluster_edit) Delete (gitops_cluster_delete)
Agents	View (gitops_agent_view) Create/Edit (gitops_agent_edit) Delete (gitops_agent_delete)
GnuPG Keys	View (gitops_gpgkey_view) Create/Edit (gitops_gpgkey_edit) Delete (gitops_gpgkey_delete)
Repository Certificates	View (gitops_gpgkey_view) Create/Edit (gitops_gpgkey_edit) Delete (gitops_gpgkey_delete)
Applications	View (gitops_application_view) Create/Edit (gitops_application_edit) Delete (gitops_application_delete) Sync: Deploy applications (gitops_application_sync)
Repositories	View (gitops_repository_view) Create/Edit (gitops_repository_edit) Delete (gitops_repository_delete)
Certificates	View GitOps Certificate (gitops_cert_view) Create/Edit GitOps Certificate (gitops_cert_edit) Delete GitOps Certificate(gitops_cert_delete)

Infrastructure as Code

Resource	Permissions
IACM Workspaces	View (iac_workspace_view) Create/Edit (iac_workspace_edit) Delete (iac_workspace_delete) Create/Edit Variables (iac_workspace_editvariable) Delete Variables (iac_workspace_deletevariable) Approve (iac_workspace_approve) Access State (iac_workspace_accessstate)

Service Reliability

Resource	Permissions
SLO	View (chi_slo_view) Create/Edit (chi_slo_edit) Delete (chi_slo_delete)
Monitored Services	View (chi_monitoredservice_view) Create/Edit (chi_monitoredservice_edit) Delete (chi_monitoredservice_delete) Toggle: Toggle Monitored Services on/off (chi_monitoredservice_toggle)
Downtime	View (chi_downtime_view) Create/Edit (chi_downtime_edit) Delete (chi_downtime_delete)

Security Tests

Resource	Permissions
Issues	View (sto_issue_view)
Scans	View (sto_scan_view)
Test Targets	View (sto_testtarget_view) Create/Edit (sto_testtarget_edit)
Exemptions	View (sto_exemption_view) Create/Edit (sto_exemption_edit) Approve/Reject (sto_exemption_approve)
External Tickets	View (sto_ticket_view) Create/Edit (sto_ticket_edit) Delete (sto_ticket_delete)

Internal Developer Portal

Resource	Permissions
Plugins	View (idp_plugin_view) Create/Edit (idp_plugin_edit) Toggle (idp_plugin_toggle) Delete (idp_plugin_delete)
Scorecards	View (idp_scorecard_view) Create/Edit (idp_scorecard_edit) Delete (idp_scorecard_delete)
Layouts	View (idp_layout_view) Create/Edit (idp_layout_edit)
Catalog Access Policies	View (idp_catalogaccesspolicy_view) Create (idp_catalogaccesspolicy_create) Edit (idp_catalogaccesspolicy_edit) Delete (idp_catalogaccesspolicy_delete)
Integrations	View (idp_integration_view) Create (idp_integration_create) Edit (idp_integration_edit) Delete (idp_integration_delete)
Advanced Configurations	View (idp_advancedconfiguration_view) Create/Edit (idp_advancedconfiguration_edit) Delete (idp_advancedconfiguration_delete)

Continuous Error Tracking

Resource	Permissions
Tokens	View (cet_token_view) Create/Edit (cet_token_create) Revoke (cet_token_revoke)
Critical Events	View (cet_criticalevent_view) Create/Edit (cet_criticalevent_create) Delete (cet_criticalevent_delete)
Agents	View (cet_agents_view)