Deployment Application roles and permissions

In the deployment application, you can define role-based access to enable users to perform different operations based on their needs. This access enables users who are not administrators to perform operations such as creating, viewing, copying, and deploying packages.

Related topics

Defining-and-deploying-data-and-object-packages

Accessing-the-AR-System-Deployment-Management-console

Roles and permissions for using the deployment application

The deployment application permission model defines the roles and permissions for users and enables secured access and controlled functionality. The following diagram depicts the permission model:

221_deployment application_roles_permissions.png

See the following table for details of roles and permissions: 

Role

Manage package

Package operation

Transfer package

Create

View

Delete

Copy

Build

Deploy

Rollback

Import

Export

Package Creator

✅️

✅️

✅️

Can delete package if Status = Ready for Export, Draft

✅️

✅️

❌️

❌️

❌️

✅️

Package Deployer

❌️

✅️

✅️

Can delete package if Status = Ready to Deploy, Ready to Export, Rollback, Rollback error, and Deploy error

❌️

❌️

✅️

✅️

✅️

✅️

Administrator

✅️

✅️

✅️

✅️

✅️

✅️

✅️

✅️

✅️

Considerations before assigning permissions

  • Only an Administrator or a Package Creator with AR System Administrator permission can create a package with AR System, CMDB, and Smart IT objects.
  • Only an Administrator can create and deploy a binary payload.
  • With the appropriate application permission, a Package Creator can create a package by using Application Object. 
    For example, to create a package by using the Incident template, a Package Creator must have Incident Configuration permissions. For more information, see Promoting configurations and customizations across environments.
  • Package Creator, without AR System Administration permission, can create a package by using ITSM objects such as SRMAdd Data, and Application Objects.
  • A Package Deployer or a Package Creator can edit only the Notification Email field on the Application Configuration form.

Refer to the following table to understand details about roles:

Role

Description

Package Creator

A Package Creator is a developer responsible for creating a package.

Package Deployer

A Package Deployer is responsible for deploying a package to the target system.

Assigning roles and permissions

You can assign the permissions by using the User form. Make sure that you have groups and roles created before you assign the permissions.

For more information about creating and mapping roles, see  Creating-and-mapping-roles.

For information about creating permissions on the People form, see Creating and modifying People data.

Where to go from here

Defining-and-deploying-data-and-object-packages

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*