Skip to main content

Permissions reference

Last updated on

This topic describes permissions relevant to RBAC in Harness. For API permissions, go to the API permissions reference.

note

Types of Permission:

StatusDescription
EXPERIMENTALAvailable for role assignment but RBAC will not be enforced, that is the access checks always return true.
ACTIVEAvailable for role assignment with RBAC enforced.
DEPRECATEDAvailable for role assignment with RBAC enforced but the permission will be moved to the INACTIVE state after some time.
INACTIVENo longer supported and access checks always return true.

Administrative Functions

ResourcePermissionsStatus
Resource Groups
  • View (core_resourcegroup_view)
  • Create/Edit (core_resourcegroup_edit)
  • Delete (core_resourcegroup_delete)
Active
Account SettingsAvailable at the account scope only.
  • View (core_setting_view)
  • Edit (core_setting_edit)
Active
Default Settings
  • Create/Edit
Active
Projects
  • View (core_project_view)
  • Create (core_project_create)
  • Edit (core_project_edit)
  • Delete (core_project_delete)
  • Move (core_project_move)
Active
User Groups
  • View (core_usergroup_view)
  • Manage: Create, edit, and delete user groups (core_usergroup_manage) – Default permission.
      Note: You can enable feature flags to split the default Manage permission into granular permissions for finer control.
    • Create (core_usergroup_create)
    • Edit metadata (core_usergroup_editMetadata)
    • Delete (core_usergroup_delete)
    • Manage users (core_usergroup_manageUsers)
    • Manage through SSO (core_usergroup_manageSSO)
    • Manage through SCIM (core_usergroup_manageSCIM)
    • Manage notifications (core_usergroup_manageNotifications)
    • Manage role assignments (core_usergroup_manageRoleAssignments)
Active
Service Accounts
  • View (core_serviceaccount_view)
  • Create/Edit (core_serviceaccount_edit)
  • Delete (core_serviceaccount_delete)
  • Manage: Create, edit, and delete API keys and tokens for service accounts (core_serviceaccount_manageapikey)
  • List Service Accounts (core_serviceaccount_list)
Active
OrganizationsAvailable at the account and org scopes only.
  • View (core_organization_view)
  • Create (core_organization_create)
  • Edit (core_organization_edit)
  • Delete (core_organization_delete)
Active
Roles
  • View (core_role_view)
  • Create/Edit (core_role_edit)
  • Delete (core_role_delete)
Active
Streaming DestinationAvailable at the account scope only.
  • View (core_streamingDestination_view)
  • Create/Edit (core_streamingDestination_edit)
  • Delete (core_streamingDestination_delete)
Experimental
BannersAvailable at the account scope only.
  • View (core_banner_view)
  • Create/Edit (core_banner_edit)
  • Delete (core_banner_delete)
Active
Users
  • View (core_user_view)
  • Manage: Edit and delete users (core_user_manager)
  • Invite: Add users by inviting them to Harness (core_user_invite)
  • Impersonate Users (core_user_impersonate)
Active
Authentication SettingsAvailable at the account scope only.
  • View (core_authsetting_view)
  • Create/Edit (core_authsetting_edit)
  • Delete (core_authsetting_delete)
Active
SMTP Configuration
  • View (core_smtp_view)
  • Create/Edit (core_smtp_edit)
  • Delete (core_smtp_delete)
Active
Certificates
  • View (core_certificate_view)
  • Create/Edit (core_certificate_edit)
  • Delete (core_certificate_delete)
Active
Account Management
  • View (core_account_view)
  • Edit (core_account_edit)
Active
Licenses
  • View (core_license_view)
  • Edit (core_license_edit)
Active
Audit
  • View (core_audit_view)
Active
Deployment Freezes
  • Manage (core_deploymentfreeze_manage)
  • Global (core_deploymentfreeze_global)
Active
Providers
  • View (core_provider_view)
  • Create/Edit (core_provider_edit)
  • Delete (core_provider_delete)
Experimental

Monitoring

ResourcePermissionsStatus
Monitoring Agents
  • View (monitoring_monitoringagent_view)
  • Create (monitoring_monitoringagent_create)
  • Edit (monitoring_monitoringagent_edit)
  • Delete (monitoring_monitoringagent_delete)
Experimental
Service Level Objectives
  • View (iro_iromanager_view)
  • Create (iro_iromanager_create)
  • Edit (iro_iromanager_edit)
  • Delete (iro_iromanager_delete)
Experimental

Environment Groups

ResourcePermissionsStatus
Environment Groups
  • View (core_environmentgroup_view)
  • Create/Edit (core_environmentgroup_edit)
  • Delete (core_environmentgroup_delete)
  • Access: Can access referenced environment groups at runtime (core_environmentgroup_access)
Active

Environments

ResourcePermissionsStatus
Environments
  • View (core_environment_view)
  • Create/Edit (core_environment_edit)
  • Delete (core_environment_delete)
  • Access: Can access referenced environments at runtime (core_environment_access)
  • Rollback (core_environment_rollback)
  • View FF SDK Key: View Feature Flag environment key (ff_environment_apiKeyView)
  • Create FF SDK Key: Create Feature Flag environment key (ff_environment_apiKeyCreate)
  • Delete FF SDK Key: Delete Feature Flag environment key (ff_environment_apiKeyDelete)
Active

Pipelines

ResourcePermissionsStatus
Pipelines
  • View (core_pipeline_view)
  • Create/Edit (core_pipeline_edit)
  • Delete (core_pipeline_delete)
  • Execute: Initiate pipeline runs (core_pipeline_execute)
  • Abort Pipeline (core_pipeline_abort)
Active

Services

ResourcePermissionsStatus
Services
  • View (core_service_view)
  • Create/Edit (core_service_edit)
  • Delete (core_service_delete)
  • Access: Can access referenced services at runtime (core_service_access)
Active

Shared Resources

ResourcePermissionsStatus
Templates
  • View (core_template_view)
  • Create/Edit (core_template_edit)
  • Delete (core_template_delete)
  • Access: Can access referenced templates at runtime (core_template_access)
  • Copy (core_template_copy)
Active
Deployment Freeze
  • Manage (core_deploymentfreeze_manager)
  • Override (core_deploymentfreeze_override)
  • Global (global)
Active
Secrets
  • View (core_secret_view)
  • Create/Edit (core_secret_edit) – Default permission.
      Note: You can enable feature flags to split the default Create/Edit permission into separate Create and Edit permissions for more granular control. See the documentation for details.
    • Create (core_secret_create)
    • Edit (core_secret_edit)
  • Delete (core_secret_delete)
  • Access (core_secret_access)
Active
Connectors
  • View (core_connector_view)
  • Create/Edit (core_connector_edit)
  • Delete (core_connector_delete)
  • Access: Can access referenced connectors at runtime (core_connector_access)
Active
Variables
  • View (core_variable_view)
  • Create/Edit (core_variable_edit)
  • Delete (core_variable_delete)
Active
Files
  • View (core_file_view)
  • Create/Edit (core_file_edit)
  • Delete (core_file_delete)
  • Access (core_file_access)
Active
Dashboards
  • View (core_dashboards_view)
  • Manage (core_dashboards_edit)
Active
Delegate Configurations
  • View (core_delegateconfiguration_view)
  • Create/Edit (core_delegateconfiguration_edit)
  • Delete (core_delegateconfiguration_delete)
Active
Delegates
  • View (core_delegate_view)
  • Create/Edit (core_delegate_edit)
  • Delete (core_delegate_delete)
Active

Policies

ResourcePermissionsStatus
Governance Policies
  • View (core_governancePolicy_view)
  • Edit (core_governancePolicy_edit)
  • Create (core_governancePolicy_create)
  • Analyse Access Policies (core_accessPolicies_analyze)
  • Delete (core_governancePolicy_delete)
Active
Governance Policy Sets
  • View (core_governancePolicySets_view)
  • Edit (core_governancePolicySets_edit)
  • Create (core_governancePolicySets_create)
  • Delete (core_governancePolicySets_delete)
  • Evaluate (core_governancePolicySets_evaluate)
Active

Discovery

ResourcePermissionsStatus
Network Map
  • View (servicediscovery_networkmap_view)
  • Create (servicediscovery_networkmap_create)
  • Edit (servicediscovery_networkmap_edit)
  • Delete (servicediscovery_networkmap_delete)
Active

Supply Chain Security

ResourcePermissionsStatus
Remediation Tracker
  • View (ssca_remediationtracker_view)
  • Create/Edit (ssca_remediationtracker_edit)
  • Close (ssca_remediationtracker_close)
Active

Webhooks

ResourcePermissionsStatus
Webhooks
  • View (core_gitxWebhooks_view)
  • Create/Edit (core_gitxWebhooks_edit)
  • Delete (core_gitxWebhooks_delete)
Active

Notifications

ResourcePermissionsStatus
Notification Rules
  • View (core_notificationrule_view)
  • Create/Edit (core_notificationrule_edit)
  • Delete (core_notificationrule_delete)
EXPERIMENTAL
Notification Channels
  • View (core_notificationchannel_view)
  • Create/Edit (core_notificationchannel_edit)
  • Delete (core_notificationchannel_delete)
EXPERIMENTAL
Legacy Notifications
  • View (core_notification_view)
  • Create/Edit (core_notification_edit)
  • Delete (core_notification_delete)
DEPRECATED

Input Sets

ResourcePermissionsStatus
Input Sets
  • View Input Set (core_inputset_view)
  • Create/Edit Input Set (core_inputset_edit)
  • Delete Input Set (core_inputset_delete)
Active

Module-specific permissions

Chaos Engineering

ResourcePermissionsStatus
Chaos Infrastructure
  • View (chaos_chaosinfrastructure_view)
  • Create/Edit (chaos_chaosinfrastructure_edit)
  • Delete (chaos_chaosinfrastructure_delete)
Active
Chaos Gameday
  • View (chaos_chaosgameday_view)
  • Create/Edit (chaos_chaosgameday_edit)
  • Delete (chaos_chaosgameday_delete)
Active
Chaos Hub
  • View: View Chaos experiments and Chaos scenarios (chaos_chaoshub_view)
  • Create/Edit: Connect to ChaosHub Git repo (chaos_chaoshub_edit)
  • Delete: Disconnect ChaosHub Git repo (chaos_chaoshub_delete)
Active
Chaos Experiment
  • View (chaos_chaosexperiment_view)
  • Create/Edit (chaos_chaosexperiment_edit)
  • Delete (chaos_chaosexperiment_delete)
  • Execute (chaos_chaosexperiment_execute)
  • Execute Pipeline (chaos_chaosexperiment_executepipeline)
Active
Chaos Probe
  • View (chaos_chaosprobe_view)
  • Create/Edit (chaos_chaosprobe_edit)
  • Delete (chaos_chaosprobe_delete)
Active
Chaos Security Governance
  • View (chaos_chaossecuritygovernance_view)
  • Create/Edit (chaos_chaossecuritygovernance_edit)
  • Delete (chaos_chaossecuritygovernance_delete)
Active
Chaos Image Registry
  • View (chaos_chaosimageregistry_view)
  • Create/Edit (chaos_chaosimageregistry_edit)
Active

Cloud Cost Management

ResourcePermissionsStatus
Currency Preferences
  • View (ccm_currencyPreference_view)
  • Create/Edit (ccm_currencyPreference_edit)
Active
Overview
  • View (ccm_overview_view)
Active
Cost Categories
  • View (ccm_costCategory_view)
  • Create/Edit (ccm_costCategory_edit)
  • Delete (ccm_costCategory_delete)
Active
Folders
  • View (ccm_folder_view)
  • Create/Edit (ccm_folder_edit)
  • Delete (ccm_folder_delete)
Active
Perspectives
  • View (ccm_perspective_view)
  • Create/Edit (ccm_perspective_edit)
  • Delete (ccm_perspective_delete)
Active
AutoStopping Rules
  • View (ccm_autoStoppingRule_view)
  • Create/Edit (ccm_autoStoppingRule_edit)
  • Delete (ccm_autoStoppingRule_delete)
Active
Budgets
  • View (ccm_budget_view)
  • Create/Edit (ccm_budget_edit)
  • Delete (ccm_budget_delete)
Active
Load Balancer
  • View (ccm_loadBalancer_view)
  • Create/Edit (ccm_loadBalancer_edit)
  • Delete (ccm_loadBalancer_delete)
Active
Data Scope
  • View (ccm_dataScope_view)
Active
Anomalies
  • View (ccm_anomalies_view)
Active
Recommendations
  • View (ccm_recommendations_view)
  • Manage (ccm_recommendations_manage)
Active
Commitment Orchestrator
  • View (ccm_commitmentOrchestrator_view)
  • Edit (ccm_commitmentOrchestrator_edit)
Active
Cluster Orchestrator
  • View (ccm_clusterOrchestrator_view)
  • Edit (ccm_clusterOrchestrator_edit)
Experimental
Cloud Asset Governance Rule
  • View (ccm_cloudAssetGovernanceRule_view)
  • Create/Edit (ccm_cloudAssetGovernanceRule_edit)
  • Delete (ccm_cloudAssetGovernanceRule_delete)
  • Execute (ccm_cloudAssetGovernanceRule_execute)
Active
Cloud Asset Governance Rule Set
  • View (ccm_cloudAssetGovernanceRuleSet_view)
  • Create/Edit (ccm_cloudAssetGovernanceRuleSet_edit)
  • Delete (ccm_cloudAssetGovernanceRuleSet_delete)
Active
Cloud Asset Governance Enforcement
  • View (ccm_cloudAssetGovernanceEnforcement_view)
  • Create/Edit (ccm_cloudAssetGovernanceEnforcement_edit)
  • Delete (ccm_cloudAssetGovernanceEnforcement_delete)
Active

Code Repository

ResourcePermissionsStatus
Repository
  • View (code_repo_view)
  • Create/Edit (Create repositories and edit repository settings, such as descriptions, webhooks, and rules) (code_repo_edit)
  • Delete (code_repo_delete)
  • Push (Repository contributor permissions, such as committing, pushing, creating/deleting branches, creating/deleting tags) (code_repo_push)
  • Report commit check : Report a Status Check Result on a Commit (code_repo_reportCommitCheck)
  • Review PR: Review Pull Requests in a Code Repository (code_repo_review)
  • Create Repository (code_repo_create)
Active

Feature Flags

ResourcePermissionsStatus
Feature flags
  • View (ff_featureflag_view)
  • Toggle: Turn Feature Flags on/off (ff_featureflag_toggle)
  • Create/Edit Flag (ff_featureflag_edit)
  • Edit Rule (ff_featureflag_rulesEdit)
  • Edit Configuration (ff_featureflag_configEdit)
  • Delete (ff_featureflag_delete)
Active
Target Management
  • View: View Targets and Target Groups (ff_targetgroup_view)
  • Create/Edit: Create and edit Targets and Target Groups to control visibility of a variation of a Feature Flag (ff_targetgroup_edit)
  • Delete: Delete Targets and Target Groups (ff_targetgroup_delete)
Active
Feature Flag
  • Create (ff_featureflag_create)
Active
Target
  • View (ff_target_view)
Active
Environment
  • View (ff_environment_view)
  • Edit (ff_environment_edit)
  • Target Group Edit (ff_environment_targetGroupEdit)
Active
Proxy API Keys
  • View (ff_proxyapikey_view)
  • Create (ff_proxyapikey_create)
  • Edit (ff_proxyapikey_edit)
  • Delete (ff_proxyapikey_delete)
  • Rotate (ff_proxyapikey_rotate)
Active

GitOps

ResourcePermissionsStatus
Clusters
  • View (gitops_cluster_view)
  • Create/Edit (gitops_cluster_edit)
  • Delete (gitops_cluster_delete)
Active
Agents
  • View (gitops_agent_view)
  • Create/Edit (gitops_agent_edit)
  • Delete (gitops_agent_delete)
Active
GnuPG Keys
  • View (gitops_gpgkey_view)
  • Create/Edit (gitops_gpgkey_edit)
  • Delete (gitops_gpgkey_delete)
Active
Repository Certificates
  • View (gitops_gpgkey_view)
  • Create/Edit (gitops_gpgkey_edit)
  • Delete (gitops_gpgkey_delete)
Active
Applications
  • View (gitops_application_view)
  • Create/Edit (gitops_application_edit)
  • Delete (gitops_application_delete)
  • Sync: Deploy applications (gitops_application_sync)
Active
Application Sets
  • View (gitops_applicationset_view)
  • Create/Edit (gitops_applicationset_edit)
  • Delete (gitops_applicationset_delete)
Experimental
Repositories
  • View (gitops_repository_view)
  • Create/Edit (gitops_repository_edit)
  • Delete (gitops_repository_delete)
Active
Certificates
  • View (gitops_cert_view)
  • Create/Edit (gitops_cert_edit)
  • Delete (gitops_cert_delete)
Active

Infrastructure as Code

ResourcePermissionsStatus
IACM Workspaces
  • View (iac_workspace_view)
  • Create/Edit (iac_workspace_edit)
  • Delete (iac_workspace_delete)
  • Create/Edit Variables (iac_workspace_editvariable)
  • Delete Variables (iac_workspace_deletevariable)
  • Approve (iac_workspace_approve)
  • Access State (iac_workspace_accessstate)
Active
Registry
  • View (iac_registry_view)
  • Create/Edit (iac_registry_edit)
  • Delete (iac_registry_delete)
Active
Variable Sets
  • View (iac_variableset_view)
  • Create/Edit (iac_variableset_edit)
  • Delete (iac_variableset_delete)
Experimental

Service Reliability

ResourcePermissionsStatus
SLO
  • View (chi_slo_view)
  • Create/Edit (chi_slo_edit)
  • Delete (chi_slo_delete)
Active
Monitored Services
  • View (chi_monitoredservice_view)
  • Create/Edit (chi_monitoredservice_edit)
  • Delete (chi_monitoredservice_delete)
  • Toggle: Toggle Monitored Services on/off (chi_monitoredservice_toggle)
Active
Downtime
  • View (chi_downtime_view)
  • Create/Edit (chi_downtime_edit)
  • Delete (chi_downtime_delete)
Active

Security Tests

ResourcePermissionsStatus
Issues
  • View (sto_issue_view)
Active
Scans
  • View (sto_scan_view)
Active
Test Targets
  • View (sto_testtarget_view)
  • Create/Edit (sto_testtarget_edit)
Active
Exemptions
  • View (sto_exemption_view)
  • Create/Edit (sto_exemption_create)
  • Approve/Reject (sto_exemption_approve)
Active
External Tickets
  • View (sto_ticket_view)
  • Create/Edit (sto_ticket_edit)
  • Delete (sto_ticket_delete)
Active

Internal Developer Portal

ResourcePermissionsStatus
Plugins
  • View (idp_plugin_view)
  • Create/Edit (idp_plugin_edit)
  • Toggle (idp_plugin_toggle)
  • Delete (idp_plugin_delete)
Active
Scorecards
  • View (idp_scorecard_view)
  • Create/Edit (idp_scorecard_edit)
  • Delete (idp_scorecard_delete)
Active
Layouts
  • View (idp_layout_view)
  • Create/Edit (idp_layout_edit)
Active
Catalog Access Policies
  • View (idp_catalogaccesspolicy_view)
  • Create (idp_catalogaccesspolicy_create)
  • Edit (idp_catalogaccesspolicy_edit)
  • Delete (idp_catalogaccesspolicy_delete)
Active
Integrations
  • View (idp_integration_view)
  • Create (idp_integration_create)
  • Edit (idp_integration_edit)
  • Delete (idp_integration_delete)
Active
Advanced Configurations
  • View (idp_advancedconfiguration_view)
  • Create/Edit (idp_advancedconfiguration_edit)
  • Delete (idp_advancedconfiguration_delete)
Active
Catalog
  • View (idp_catalog_view)
  • Create/Edit (idp_catalog_edit)
  • Delete (idp_catalog_delete)
Active
Workflow
  • View (idp_workflow_view)
  • Create/Edit (idp_workflow_edit)
  • Delete (idp_workflow_delete)
  • Execute (idp_workflow_execute)
Active

Continuous Error Tracking

ResourcePermissionsStatus
Tokens
  • View (cet_token_view)
  • Create/Edit (cet_token_create)
  • Revoke (cet_token_revoke)
Active
Critical Events
  • View (cet_criticalevent_view)
  • Create/Edit (cet_criticalevent_create)
  • Delete (cet_criticalevent_delete)
Active
Agents
  • View (cet_agents_view)
Active

Database DevOps

ResourcePermissionsStatus
Schemas
  • View (dbops_schema_view)
  • Create/Edit (dbops_schema_edit)
  • Delete (dbops_schema_delete)
Active
Instances
  • View (dbops_instance_view)
  • Create/Edit (dbops_instance_edit)
  • Delete (dbops_instance_delete)
Active

Artifact Management

ResourcePermissionsStatus
Artifact Registry
  • View (artifact_artregistry_view)
  • Create/Edit (artifact_artregistry_edit)
  • Delete (artifact_artregistry_delete)
  • Upload Artifact (artifact_artregistry_uploadartifact)
  • Download Artifact (artifact_artregistry_downloadartifact)
  • Delete Artifact (artifact_artregistry_deleteartifact)
Active

Software Engineering Insights

ResourcePermissionsStatus
SEI Collections
  • View (sei_seicollections_view)
  • Create (sei_seicollections_create)
  • Edit (sei_seicollections_edit)
  • Delete (sei_seicollections_delete)
Active
SEI Configuration Settings
  • View (sei_seiconfigurationsettings_view)
  • Create (sei_seiconfigurationsettings_create)
  • Edit (sei_seiconfigurationsettings_edit)
  • Delete (sei_seiconfigurationsettings_delete)
Active
SEI Data Settings
  • View (sei_seidatasettings_view)
  • Create (sei_seidatasettings_create)
  • Edit (sei_seidatasettings_edit)
  • Delete (sei_seidatasettings_delete)
Active
SEI Insights
  • View (sei_seiinsights_view)
  • Create (sei_seiinsights_create)
  • Edit (sei_seiinsights_edit)
  • Delete (sei_seiinsights_delete)
Active
SEI Insight Categories
  • View (sei_seiinsightscategory_view)
Active
SEI Teams
  • View (sei_seiteams_view)
  • Create (sei_seiteams_create)
  • Edit (sei_seiteams_edit)
  • Delete (sei_seiteams_delete)
Active
SEI Profiles
  • View (sei_seiprofiles_view)
  • Create (sei_seiprofiles_create)
  • Edit (sei_seiprofiles_edit)
  • Delete (sei_seiprofiles_delete)
Active

Feature Management and Experimentation

ResourcePermissionsStatus
FME Environment
  • View (fme_fmeenvironment_view)
  • Create/Edit (fme_fmeenvironment_edit)
  • SDK API Key View (fme_fmeenvironment_sdkApiKeyView)
  • SDK API Key Edit (fme_fmeenvironment_sdkApiKeyEdit)
  • Data Export View (fme_fmeenvironment_dataExportView)
  • Data Export Edit (fme_fmeenvironment_dataExportEdit)
Active
FME Feature Flag
  • View (fme_fmefeatureflag_view)
  • Create/Edit (fme_fmefeatureflag_edit)
Active
FME Experiment
  • View (fme_fmeexperiment_view)
  • Create/Edit (fme_fmeexperiment_edit)
Active
FME Segment
  • View (fme_fmesegment_view)
  • Create/Edit (fme_fmesegment_edit)
Active
FME Metric
  • View (fme_fmemetric_view)
  • Create/Edit (fme_fmemetric_edit)
Active
FME Traffic Type
  • View (fme_fmetraffictype_view)
  • Create/Edit (fme_fmetraffictype_edit)
Active