Skip to main content

Permissions reference

This topic describes permissions relevant to RBAC in Harness. For API permissions, go to the API permissions reference.

Administrative Functions

ResourcePermissions
Resource Groups
  • View (core_resourcegroup_view)
  • Create/Edit (core_resourcegroup_edit)
  • Delete (core_resourcegroup_delete)
Account SettingsAvailable at the account scope only.
  • View (core_setting_view)
  • Edit (core_setting_edit)
Default Settings
  • Create/Edit
Projects
  • View (core_project_view)
  • Create (core_project_create)
  • Edit (core_project_edit)
  • Delete (core_project_delete)
User Groups
  • View (core_usergroup_view)
  • Manage: Create, edit, and delete user groups (core_usergroup_manage)
Service Accounts
  • View (core_serviceaccount_view)
  • Create/Edit (core_serviceaccount_edit)
  • Delete (core_serviceaccount_delete)
  • Manage: Create, edit, and delete API keys and tokens for service accounts (core_serviceaccount_manageapikey)
OrganizationsAvailable at the account and org scopes only.
  • View (core_organization_view)
  • Create (core_organization_create)
  • Edit (core_organization_edit)
  • Delete (core_organization_delete)
Roles
  • View (core_role_view)
  • Create/Edit (core_role_edit)
  • Delete (core_role_delete)
Streaming DestinationAvailable at the account scope only.
  • View (core_streamingDestination_view)
  • Create/Edit (core_streamingDestination_edit)
  • Delete (core_streamingDestination_delete)
Users
  • View (core_user_view)
  • Manage: Edit and delete users (core_user_manager)
  • Invite: Add users by inviting them to Harness (core_user_invite)
Authentication SettingsAvailable at the account scope only.
  • View (core_authsetting_view)
  • Create/Edit (core_authsetting_edit)
  • Delete (core_authsetting_delete)

Environment Groups

ResourcePermissions
Environment Groups
  • View (core_environmentgroup_view)
  • Create/Edit (core_environmentgroup_edit)
  • Delete (core_environmentgroup_delete)
  • Access: Can access referenced environment groups at runtime (core_environmentgroup_access)

Environments

ResourcePermissions
Environments
  • View (core_environment_view)
  • Create/Edit (core_environment_edit)
  • Delete (core_environment_delete)
  • Access: Can access referenced environments at runtime (core_environment_access)
  • Rollback (core_environment_rollback)
  • View FF SDK Key: View Feature Flag environment key (ff_environment_apiKeyView)
  • Create FF SDK Key: Create Feature Flag environment key (ff_environment_apiKeyCreate)
  • Delete FF SDK Key: Delete Feature Flag environment key (ff_environment_apiKeyDelete)

Pipelines

ResourcePermissions
Pipelines
  • View (core_pipeline_view)
  • Create/Edit (core_pipeline_edit)
  • Delete (core_pipeline_delete)
  • Execute: Initiate pipeline runs (core_pipeline_execute)
  • Abort Pipeline (core_pipeline_abort)

Services

ResourcePermissions
Services
  • View (core_service_view)
  • Create/Edit (core_service_edit)
  • Delete (core_service_delete)
  • Access: Can access referenced services at runtime (core_service_access)

Shared Resources

ResourcePermissions
Templates
  • View (core_template_view)
  • Create/Edit (core_template_edit)
  • Delete (core_template_delete)
  • Access: Can access referenced templates at runtime (core_template_access)
  • Copy (core_template_copy)
Deployment Freeze
  • Manage (core_deploymentfreeze_manager)
  • Override (core_deploymentfreeze_override)
  • Global (global)
Secrets
  • View (core_secret_view)
  • Create/Edit (core_secret_edit)
  • Delete (core_secret_delete)
  • Access: Can access referenced secrets at runtime (core_secret_access)
Connectors
  • View (core_connector_view)
  • Create/Edit (core_connector_edit)
  • Delete (core_connector_delete)
  • Access: Can access referenced connectors at runtime (core_connector_access)
Variables
  • View (core_variable_view)
  • Create/Edit (core_variable_edit)
  • Delete (core_variable_delete)
Files
  • View (core_file_view)
  • Create/Edit (core_file_edit)
  • Delete (core_file_delete)
  • Access (core_file_access)
Dashboards
  • View (core_dashboards_view)
  • Manage (core_dashboards_edit)
Delegate Configurations
  • View (core_delegateconfiguration_view)
  • Create/Edit (core_delegateconfiguration_edit)
  • Delete (core_delegateconfiguration_delete)
Delegates
  • View (core_delegate_view)
  • Create/Edit (core_delegate_edit)
  • Delete (core_delegate_delete)

Policies

ResourcePermissions
Governance Policies
  • View (core_governancePolicy_view)
  • Edit (core_governancePolicy_edit)
  • Create (core_governancePolicy_create)
  • Analyse Access Policies(core_accessPolicies_analyze)
  • Delete (core_governancePolicy_delete)
Governance Policy Sets
  • View (core_governancePolicySets_view)
  • Edit (core_governancePolicySets_edit)
  • Create (core_governancePolicySets_create)
  • Delete (core_governancePolicySets_delete)
  • Evaluate (core_governancePolicySets_evaluate)

Discovery

ResourcePermissions
Network Map
  • View (servicediscovery_networkmap_view)
  • Create (servicediscovery_networkmap_create)
  • Edit (servicediscovery_networkmap_edit)
  • Delete (servicediscovery_networkmap_delete)

Supply Chain Assurance

ResourcePermissions
Remediation Tracker
  • View (ssca_remediationtracker_view)
  • Create/Edit (ssca_remediationtracker_edit)
  • Close (ssca_remediationtracker_close)

Webhooks

ResourcePermissions
Webhooks
  • View (core_gitxWebhooks_view)
  • Create/Edit (core_gitxWebhooks_edit)
  • Delete (core_gitxWebhooks_delete)

Input Sets

ResourcePermissions
Input Sets
  • View Input Set (core_inputset_view)
  • Create/Edit Input Set (core_inputset_edit)
  • Delete Input Set(core_inputset_delete)

Module-specific permissions

Chaos Engineering

ResourcePermissions
Chaos Infrastructure
  • View (chaos_chaosinfrastructure_view)
  • Create/Edit (chaos_chaosinfrastructure_edit)
  • Delete (chaos_chaosinfrastructure_delete)
Chaos Gameday
  • View (chaos_chaosgameday_view)
  • Create/Edit (chaos_chaosgameday_edit)
  • Delete (chaos_chaosgameday_delete)
Chaos Hub
  • View: View Chaos experiments and Chaos scenarios (chaos_chaoshub_view)
  • Create/Edit: Connect to ChaosHub Git repo (chaos_chaoshub_edit)
  • Delete: Disconnect ChaosHub Git repo (chaos_chaoshub_delete)
Chaos Experiment
  • View (chaos_chaosexperiment_view)
  • Create/Edit (chaos_chaosexperiment_edit)
  • Delete (chaos_chaosexperiment_delete)
  • Execute (chaos_chaosexperiment_execute)

Cloud Cost Management

ResourcePermissions
Currency Preferences
  • View (ccm_currencyPreference_view)
  • Create/Edit (ccm_currencyPreference_edit)
Overview
  • View (ccm_overview_view)
Cost Categories
  • View (ccm_costCategory_view)
  • Create/Edit (ccm_costCategory_edit)
  • Delete (ccm_costCategory_delete)
Folders
  • View (ccm_folder_view)
  • Create/Edit (ccm_folder_edit)
  • Delete (ccm_folder_delete)
Perspectives
  • View (ccm_perspective_view)
  • Create/Edit (ccm_perspective_edit)
  • Delete (ccm_perspective_delete)
AutoStopping Rules
  • View (ccm_autoStoppingRule_view)
  • Create/Edit (ccm_autoStoppingRule_edit)
  • Delete (ccm_autoStoppingRule_delete)
Budgets
  • View (ccm_budget_view)
  • Create/Edit (ccm_budget_edit)
  • Delete (ccm_budget_delete)
Load Balancer
  • View (ccm_loadBalancer_view)
  • Create/Edit (ccm_loadBalancer_edit)
  • Delete (ccm_loadBalancer_delete)
Data Scop (CCM_DATA_SCOPE)
  • View (ccm_dataScope_view)

Code Repository

ResourcePermissions
Repository
  • View (code_repo_view)
  • Create/Edit (Create repositories and edit repository settings, such as descriptions, webhooks, and rules) (code_repo_edit)
  • Delete (code_repo_delete)
  • Push (Repository contributor permissions, such as committing, pushing, creating/deleting branches, creating/deleting tags) (code_repo_push)
  • Report commit check : Report a Status Check Result on a Commit (code_repo_reportCommitCheck)
  • Review PR: Review Pull Requests in a Code Repository (code_repo_review)

Feature Flags

ResourcePermissions
Feature flags
  • View (ff_featureflag_view)
  • Toggle: Turn Feature Flags on/off (ff_featureflag_toggle)
  • Create/Edit Flag (ff_featureflag_edit)
  • Edit Rule (ff_featureflag_rulesEdit)
  • Edit Configuration (ff_featureflag_configEdit)
  • Delete (ff_featureflag_delete)
Target Management
  • View: View Targets and Target Groups (ff_targetgroup_view)
  • Create/Edit: Create and edit Targets and Target Groups to control visibility of a variation of a Feature Flag (ff_targetgroup_edit)
  • Delete: Delete Targets and Target Groups (ff_targetgroup_delete)

GitOps

ResourcePermissions
Clusters
  • View (gitops_cluster_view)
  • Create/Edit (gitops_cluster_edit)
  • Delete (gitops_cluster_delete)
Agents
  • View (gitops_agent_view)
  • Create/Edit (gitops_agent_edit)
  • Delete (gitops_agent_delete)
GnuPG Keys
  • View (gitops_gpgkey_view)
  • Create/Edit (gitops_gpgkey_edit)
  • Delete (gitops_gpgkey_delete)
Repository Certificates
  • View (gitops_gpgkey_view)
  • Create/Edit (gitops_gpgkey_edit)
  • Delete (gitops_gpgkey_delete)
Applications
  • View (gitops_application_view)
  • Create/Edit (gitops_application_edit)
  • Delete (gitops_application_delete)
  • Sync: Deploy applications (gitops_application_sync)
Repositories
  • View (gitops_repository_view)
  • Create/Edit (gitops_repository_edit)
  • Delete (gitops_repository_delete)
Certificates
  • View GitOps Certificate (gitops_cert_view)
  • Create/Edit GitOps Certificate (gitops_cert_edit)
  • Delete GitOps Certificate(gitops_cert_delete)

Infrastructure as Code

ResourcePermissions
IACM Workspaces
  • View (iac_workspace_view)
  • Create/Edit (iac_workspace_edit)
  • Delete (iac_workspace_delete)
  • Create/Edit Variables (iac_workspace_editvariable)
  • Delete Variables (iac_workspace_deletevariable)
  • Approve (iac_workspace_approve)
  • Access State (iac_workspace_accessstate)

Service Reliability

ResourcePermissions
SLO
  • View (chi_slo_view)
  • Create/Edit (chi_slo_edit)
  • Delete (chi_slo_delete)
Monitored Services
  • View (chi_monitoredservice_view)
  • Create/Edit (chi_monitoredservice_edit)
  • Delete (chi_monitoredservice_delete)
  • Toggle: Toggle Monitored Services on/off (chi_monitoredservice_toggle)
Downtime
  • View (chi_downtime_view)
  • Create/Edit (chi_downtime_edit)
  • Delete (chi_downtime_delete)

Security Tests

ResourcePermissions
Issues
  • View (sto_issue_view)
Scans
  • View (sto_scan_view)
Test Targets
  • View (sto_testtarget_view)
  • Create/Edit (sto_testtarget_edit)
Exemptions
  • View (sto_exemption_view)
  • Create/Edit (sto_exemption_edit)
  • Approve/Reject (sto_exemption_approve)
External Tickets
  • View (sto_ticket_view)
  • Create/Edit (sto_ticket_edit)
  • Delete (sto_ticket_delete)

Internal Developer Portal

ResourcePermissions
Plugins
  • View (idp_plugin_view)
  • Create/Edit (idp_plugin_edit)
  • Toggle (idp_plugin_toggle)
  • Delete (idp_plugin_delete)
Scorecards
  • View (idp_scorecard_view)
  • Create/Edit (idp_scorecard_edit)
  • Delete (idp_scorecard_delete)
Layouts
  • View (idp_layout_view)
  • Create/Edit (idp_layout_edit)
Catalog Access Policies
  • View (idp_catalogaccesspolicy_view)
  • Create (idp_catalogaccesspolicy_create)
  • Edit (idp_catalogaccesspolicy_edit)
  • Delete (idp_catalogaccesspolicy_delete)
Integrations
  • View (idp_integration_view)
  • Create (idp_integration_create)
  • Edit (idp_integration_edit)
  • Delete (idp_integration_delete)
Advanced Configurations
  • View (idp_advancedconfiguration_view)
  • Create/Edit (idp_advancedconfiguration_edit)
  • Delete (idp_advancedconfiguration_delete)

Continuous Error Tracking

ResourcePermissions
Tokens
  • View (cet_token_view)
  • Create/Edit (cet_token_create)
  • Revoke (cet_token_revoke)
Critical Events
  • View (cet_criticalevent_view)
  • Create/Edit (cet_criticalevent_create)
  • Delete (cet_criticalevent_delete)
Agents
  • View (cet_agents_view)