Team permissions
There are two team permissions:
Permission | Description |
---|---|
Manage all teams | User can:
|
Manage my teams | User can view, update, deactivate, and map resources to teams that they are part of. |
Permissions affected when teams are enabled
Both of the above mentioned team permissions are assigned to users who manage teams. Team members do not require a specific team permission, however their permissions and workflows are affected once teams are enabled.
The following permissions and workflows are affected when teams are enabled:
General permissions
Manager of all teams | Manager of specific teams | Team member | |
---|---|---|---|
Create and delete teams | Can create and delete teams within the account. | Cannot perform this action. | Cannot perform this action. |
View list of teams | Can view all teams within the account. | Can view teams they are assigned to. | Can view teams they are assigned to. |
Activate or deactivate team | Can activate or deactivate any teams within the account. | Can activate or deactivate teams they are assigned to. | Cannot perform this action. |
Update team | Can update any teams within the account. | Can update teams they are assigned to. | Cannot perform this action. |
Keypair, certificate, and sign permissions
Manager of all teams | Manager of specific teams | Team member | |
---|---|---|---|
Create keypair | Can create keypair and assign to any team in the account, provided that they also have the | Can create keypair and assign to a team that they are part of, provided that they also have the | Can create keypair and assign to a team that they are part of, provided that they also have the |
Can create keypair and assign to a team that they are part of, provided that they also have the | |||
Generate CSR | Can generate a CSR for any keypair in the account, provided that they also have the | Can generate a CSR for keypairs assigned to a team that they are part of, provided that they also have the | Can generate a CSR for keypairs assigned to a team that they are part of, provided that they also have the |
Update keypairs and key rotations | Can update any keypair and key rotation in the account, provided that they also have the 참고This includes keypairs that were assigned to specific users or a user group before teams were enabled and is not assigned to a team now. | Can update any keypair and key rotation assigned to a team that they are part of, provided that they also have the | Can update any keypair and key rotation assigned to a team that they are part of, provided that they also have the |
View standard keypairs, GPG keys and key rotations | Can view all standard keypairs, GPG keys, and key rotations within the account, provided that they also have the | Can view all standard keypairs, GPG keys, and key rotations assigned to a team that they are part of, provided that they also have the | Can view all standard keypairs, GPG keys, and key rotations assigned to a team that they are part of, provided that they also have the |
Sign | Can sign with any standard or GPG key assigned to a team that they are part of, provided that they also have the | Can sign with any standard or GPG keypair assigned to a team that they are part of, provided that they also have the | Can sign with any standard or GPG keypair assigned to a team that they are part of, provided that they also have the |
Suspend or unsuspend keypair | Can suspend or unsuspend any keypair in the account, provided that they also have the | Can suspend or unsuspend keypairs assigned to a team that they are part of, provided that they also have the | Can suspend or unsuspend keypairs assigned to a team that they are part of, provided that they also have the |
Refresh keypair | Can refresh any dynamic keypair in the account, provided that they also have the | Can refresh dynamic keypairs assigned to a team that they are part of, provided that they also have the | Can refresh dynamic keypairs assigned to a team that they are part of, provided that they also have the |
Request keypair export, keypair deletion, or certificate revocation | Can request these actions for any team within the account, provided that they have the associated permissions. | Can request these actions for any team they are assigned to, provided that they have the associated permissions. | Can request these for any team they are assigned to, provided that they have the associated permissions. |
View certificates | Can view all certificates within the account, provided that they also have the | Can view all certificates assigned to a team that they are part of, provided that they also have the | Can view all certificates assigned to a team that they are part of, provided that they also have the |
Update and delete certificates | Can update and delete all certificates within the account, provided that they also have the | Can update and delete all certificates associated to keypairs assigned to a team that they are part of, provided that they also have the | Can update and delete all certificates associated with keypairs assigned to a team that they are part of, provided that they also have the |
Can update and delete all certificates associated to keypairs assigned to a team that they are part of, provided that they also have the | |||
Import certificate | Can import a certificate to any keypair in the account, provided that they also have the | Can import a certificate to any keypair assigned to a team that they are part of, provided that they also have the | Can import a certificate to any keypair assigned to a team that they are part of, provided that they also have the |
Can import a certificate to any keypair assigned to a team that they are part of, provided that they also have the | |||
Create certificate | Can create certificate for any keypair within the account, provided that they also have the | Can create certificate for keypairs assigned to a team that they are part of, provided that they also have the | Can create certificate for keypairs assigned to a team that they are part of, provided that they also have the |
Can create certificate for keypairs assigned to a team that they are part of, provided that they also have the | |||
Revoke certificate | Can revoke any certificate in the account, provided that they also have the | Can revoke certificates assigned to a team that they are part of, provided that they also have the | Can revoke certificates assigned to a team that they are part of, provided that they have the |
Can revoke certificates assigned to a team that they are part of, provided that they also have the | |||
Generate GPG master key | Can create GPG master keypair and assign to any team in the account, provided that they also have the | Can create GPG master keypair and assign to a team that they are part of, provided that they also have the | Can create GPG master keypair and assign to a team that they are part of, provided that they also have the |
Can create GPG master key and assign to a team that they are part of, provided that they also have the | |||
Generate GPG subkey | Can create GPG subkey using any GPG master key and assign to any team in the account, provided that they also have the | Can create GPG subkey for GPG master keys assigned to a team that they are part of, provided that they also have the 참고This includes creating a subkey using team A's master key and assigning it to team B, provided that this user is part of both teams. | Can create GPG subkey for GPG master keys assigned to a team that they are part of, provided that they also have the 참고This includes creating a subkey using team A's master key and assigning it to team B, provided that this user is part of both teams. |
Can create GPG subkey and assign to a team that they are part of, provided that they also have the 참고This includes creating a subkey using team A's master key and assigning it to team B, provided that this user is part of both teams. | |||
Update GPG master key | Can update GPG master and assign to any team in the account, provided that they also have the 참고This includes GPG master keys that were assigned to specific users or a user group before teams were enabled and is not assigned to a team now. | Can update GPG master keys assigned to a team that they are part of, provided that they also have the | Can update GPG master keys assigned to a team that they are part of, provided that they also have the |
Update GPG subkey | Can update GPG subkeys and assign to any team in the account, provided that they also have the 참고This includes GPG subkeys that were assigned to specific users or a user group before teams were enabled and is not assigned to a team now. | Can update GPG subkeys assigned to a team that they are part of, provided that they also have the | Can update GPG subkeys assigned to a team that they are part of, provided that they also have the |
Revoke GPG master | Can revoke any GPG master in the account, provided that they also have the | Can revoke GPG master keys assigned to a team that they are part of, provided that they also have the | Can revoke GPG master keys assigned to a team that they are part of, provided that they also have the |
Can revoke GPG master keys assigned to a team that they are part of, provided that they also have the | |||
Revoke GPG subkey | Can revoke any GPG subkey in the account, provided that they also have the | Can revoke GPG subkeys assigned to a team that they are part of, provided that they also have the | Can revoke GPG subkeys assigned to a team that they are part of, provided that they also have the |
Can revoke GPG subkeys assigned to a team that they are part of, provided that they also have the | |||
Suspend or unsuspend GPG master key | Can suspend or unsuspend all GPG master keys in the account, provided that they also have the | Can suspend or unsuspend all GPG master keys assigned to a team they are part of, provided that they also have the | Can suspend or unsuspend all GPG master keys assigned to a team they are part of, provided that they also have the |
Suspend or unsuspend GPG subkey | Can suspend or unsuspend all GPG subkeys in the account, provided that they also have the | Can suspend or unsuspend all GPG subkeys assigned to a team they are part of, provided that they also have the | Can suspend or unsuspend all GPG subkeys assigned to a team they are part of, provided that they also have the |
Request to delete GPG master key | Can request to delete any GPG master keys in the account, provided that they also have the | Can request to delete GPG master key assigned to teams they are part of, provided that they also have the | Can request to delete GPG master key assigned to teams they are part of, provided that they also have the |
Can request to delete GPG master key assigned to teams they are part of, provided that they also have the | |||
Request to delete GPG subkey | Can request to delete any GPG subkey assigned to any team in the account, provided that they also have the | Can request to delete GPG subkeys assigned to teams they are part of, provided that they also have the | Can request to delete GPG subkeys assigned to teams they are part of, provided that they also have the |
Release and signature log permissions
Manager of all teams | Manager of specific teams | Team member | |
---|---|---|---|
View releases and associated signature logs | Can view all releases and signature logs within the account, provided that they have | Can view all releases assigned to a team that they are part of, including signature logs related to those releases, provided that they have | Can view all releases that they are part of, including signature logs related to those releases, provided that they have |
Create and update releases | Can create and update all releases within the account, this includes selecting any baseline in the account, provided that they have | Can create and update all releases assigned to a team that they are part of. This includes selecting any baseline associated with a team they are part of, provided that they have | Can create and update all releases assigned to a team that they are part of. This includes selecting any baseline associated with a team they are a part of, provided that they have |
Approve and reject releases | Can approve or reject releases assigned to a team that they are part of, provided that they also have the | Can approve or reject releases assigned to a team that they are part of, provided that they also have the | Can approve or reject releases assigned to a team that they are part of, provided that they also have the |
Create release comparison and baseline | Can compare any releases within the account and create a baseline, provided that they also have | Can compare releases assigned to a team that they are part of and create a baseline, provided that they also have | Can compare releases assigned to a team that they are part of and create a baseline, provided that they also have |
Close release | Can close any release in the account, provided that they also have the | Can close releases assigned to a team that they are part of, provided that they also have the | Can close releases assigned to a team that they are part of, provided that they created the release, part of the release, and also have the |
Can close any release in the account, provided that they created the release and also have the | Can close releases assigned to a team that they are part of, provided that they created the release and also have the |