Role-based Access Control in CloudBees DevOptics Value Streams

Deepro Basu's picture

Some of the biggest concerns for businesses and enterprises today are governance, risk and compliance (GRC). Failure to abide by and comply with compliance regulations can lead to damaging consequences for organizations - loss of customer trust, financial implications, bad press … the list gets long.

When it comes to IT, most large enterprises today implement a structured GRC approach to align their IT operations with business objectives, while effectively managing risk and meeting compliance requirements. Meeting compliance standards involves IT controls to manage identified risks, as well as auditing those controls to ensure they’re working as intended.

How does that tie back to CloudBees DevOptics?

Good question, here’s how…

One of the crucial controls for IT is access to information, systems and data. This is where Role-based Access Control (RBAC) steps in. As the name suggests, RBAC is all about managing access to information/systems based on one’s role and need to access information that is necessary to effectively perform their job duties. Using RBAC, access to computer resources can be limited to specific tasks such as the ability to view, create or modify content.

When it comes to DevOps, products like CloudBees DevOptics and value streams are crucial to measuring how well your DevOps practices are aligned with business goals, it’s right in the critical path to success, and several of our customers asking for help with RBAC highlights how crucial it is for them.

I am delighted to announce that as of August 2019, all subscriptions of CloudBees DevOptics will offer an ‘observer’ role that provides read-only rights. Our customers can now use this new role to easily contain what their users can and cannot do in DevOptics and value streams.

What does this new role do?

Using this new observer role, you can now determine who can add, modify, and delete your value streams and who can only view information. Once configured for your account, your CloudBees DevOptics admin can easily set up and apply the ‘observer’ role to both existing and new users from the admin console. No changes are needed to existing roles; it’s that simple.

Users with the ‘observer’ role cannot do the following:

  • Create a new value stream

  • Edit an existing value stream

  • Delete a value stream

  • Use the JSON editor

  • Add, edit or delete webhooks

Here’s a comparison of what it looks like for the same user with and without the ‘observer’ role.

Without the observer role:

DevOptics without observer role

With the observer role:

DevOptics with observer role

DevOptics with observer role

Great! How do I get it?

Your customer success manager is your best friend. Please reach out to them to set your account up for the ‘observer’ role.

You can also refer to the documentation here.

We understand how critical governance, risk and compliance are to your business, and that is why we, at CloudBees, continuously improve governance and controls in our products. We are eager to hear your feedback.

Additional resources