Skip to main content

Permissions reference

This topic describes permissions relevant to RBAC in Harness. For API permissions, go to the API permissions reference.

note

Types of Permission:

Status	Description
EXPERIMENTAL	Available for role assignment but RBAC will not be enforced, that is the access checks always return true.
ACTIVE	Available for role assignment with RBAC enforced.
DEPRECATED	Available for role assignment with RBAC enforced but the permission will be moved to the INACTIVE state after some time.
INACTIVE	No longer supported and access checks always return true.

Administrative Functions

Resource	Permissions	Status
Resource Groups	View (`core_resourcegroup_view`) Create/Edit (`core_resourcegroup_edit`) Delete (`core_resourcegroup_delete`)	Active
Account Settings	Available at the account scope only. View (`core_setting_view`) Edit (`core_setting_edit`)	Active
Default Settings	Create/Edit	Active
Projects	View (`core_project_view`) Create (`core_project_create`) Edit (`core_project_edit`) Delete (`core_project_delete`)	Active
User Groups	View (`core_usergroup_view`) Manage: Create, edit, and delete user groups (`core_usergroup_manage`)	Active
Service Accounts	View (`core_serviceaccount_view`) Create/Edit (`core_serviceaccount_edit`) Delete (`core_serviceaccount_delete`) Manage: Create, edit, and delete API keys and tokens for service accounts (`core_serviceaccount_manageapikey`) List Service Accounts (`core_serviceaccount_list`)	Active
Organizations	Available at the account and org scopes only. View (`core_organization_view`) Create (`core_organization_create`) Edit (`core_organization_edit`) Delete (`core_organization_delete`)	Active
Roles	View (`core_role_view`) Create/Edit (`core_role_edit`) Delete (`core_role_delete`)	Active
Streaming Destination	Available at the account scope only. View (`core_streamingDestination_view`) Create/Edit (`core_streamingDestination_edit`) Delete (`core_streamingDestination_delete`)	Experimental
Banners	Available at the account scope only. View (`core_banner_view`) Create/Edit (`core_banner_edit`) Delete (`core_banner_delete`)	Active
Users	View (`core_user_view`) Manage: Edit and delete users (`core_user_manager`) Invite: Add users by inviting them to Harness (`core_user_invite`) Impersonate Users (`core_user_impersonate`)	Active
Authentication Settings	Available at the account scope only. View (`core_authsetting_view`) Create/Edit (`core_authsetting_edit`) Delete (`core_authsetting_delete`)	Active
SMTP Configuration	View (`core_smtp_view`) Create/Edit (`core_smtp_edit`) Delete (`core_smtp_delete`)	Active
Certificates	View (`core_certificate_view`) Create/Edit (`core_certificate_edit`) Delete (`core_certificate_delete`)	Active
Account Management	View (`core_account_view`) Edit (`core_account_edit`)	Active
Licenses	View (`core_license_view`) Edit (`core_license_edit`)	Active
Audit	View (`core_audit_view`)	Active
Deployment Freezes	Manage (`core_deploymentfreeze_manage`) Global (`core_deploymentfreeze_global`)	Active
Providers	View (`core_provider_view`) Create/Edit (`core_provider_edit`) Delete (`core_provider_delete`)	Experimental

Monitoring

Resource	Permissions	Status
Monitoring Agents	View (`monitoring_monitoringagent_view`) Create (`monitoring_monitoringagent_create`) Edit (`monitoring_monitoringagent_edit`) Delete (`monitoring_monitoringagent_delete`)	Experimental
Service Level Objectives	View (`iro_iromanager_view`) Create (`iro_iromanager_create`) Edit (`iro_iromanager_edit`) Delete (`iro_iromanager_delete`)	Experimental

Environment Groups

Resource	Permissions	Status
Environment Groups	View (`core_environmentgroup_view`) Create/Edit (`core_environmentgroup_edit`) Delete (`core_environmentgroup_delete`) Access: Can access referenced environment groups at runtime (`core_environmentgroup_access`)	Active

Environments

Resource	Permissions	Status
Environments	View (`core_environment_view`) Create/Edit (`core_environment_edit`) Delete (`core_environment_delete`) Access: Can access referenced environments at runtime (`core_environment_access`) Rollback (`core_environment_rollback`) View FF SDK Key: View Feature Flag environment key (`ff_environment_apiKeyView`) Create FF SDK Key: Create Feature Flag environment key (`ff_environment_apiKeyCreate`) Delete FF SDK Key: Delete Feature Flag environment key (`ff_environment_apiKeyDelete`)	Active

Pipelines

Resource	Permissions	Status
Pipelines	View (`core_pipeline_view`) Create/Edit (`core_pipeline_edit`) Delete (`core_pipeline_delete`) Execute: Initiate pipeline runs (`core_pipeline_execute`) Abort Pipeline (`core_pipeline_abort`)	Active

Services

Resource	Permissions	Status
Services	View (`core_service_view`) Create/Edit (`core_service_edit`) Delete (`core_service_delete`) Access: Can access referenced services at runtime (`core_service_access`)	Active

Shared Resources

Resource	Permissions	Status
Templates	View (`core_template_view`) Create/Edit (`core_template_edit`) Delete (`core_template_delete`) Access: Can access referenced templates at runtime (`core_template_access`) Copy (`core_template_copy`)	Active
Deployment Freeze	Manage (`core_deploymentfreeze_manager`) Override (`core_deploymentfreeze_override`) Global (`global`)	Active
Secrets	View (`core_secret_view`) Create/Edit (`core_secret_edit`) – Default permission. Note: You can enable feature flags to split the default `Create/Edit` permission into separate `Create` and `Edit` permissions for more granular control. See the documentation for details. Create (`core_secret_create`) Edit (`core_secret_edit`) Delete (`core_secret_delete`) Access (`core_secret_access`)	Active
Connectors	View (`core_connector_view`) Create/Edit (`core_connector_edit`) Delete (`core_connector_delete`) Access: Can access referenced connectors at runtime (`core_connector_access`)	Active
Variables	View (`core_variable_view`) Create/Edit (`core_variable_edit`) Delete (`core_variable_delete`)	Active
Files	View (`core_file_view`) Create/Edit (`core_file_edit`) Delete (`core_file_delete`) Access (`core_file_access`)	Active
Dashboards	View (`core_dashboards_view`) Manage (`core_dashboards_edit`)	Active
Delegate Configurations	View (`core_delegateconfiguration_view`) Create/Edit (`core_delegateconfiguration_edit`) Delete (`core_delegateconfiguration_delete`)	Active
Delegates	View (`core_delegate_view`) Create/Edit (`core_delegate_edit`) Delete (`core_delegate_delete`)	Active

Policies

Resource	Permissions	Status
Governance Policies	View (`core_governancePolicy_view`) Edit (`core_governancePolicy_edit`) Create (`core_governancePolicy_create`) Analyse Access Policies (`core_accessPolicies_analyze`) Delete (`core_governancePolicy_delete`)	Active
Governance Policy Sets	View (`core_governancePolicySets_view`) Edit (`core_governancePolicySets_edit`) Create (`core_governancePolicySets_create`) Delete (`core_governancePolicySets_delete`) Evaluate (`core_governancePolicySets_evaluate`)	Active

Discovery

Resource	Permissions	Status
Network Map	View (`servicediscovery_networkmap_view`) Create (`servicediscovery_networkmap_create`) Edit (`servicediscovery_networkmap_edit`) Delete (`servicediscovery_networkmap_delete`)	Active

Supply Chain Security

Resource	Permissions	Status
Remediation Tracker	View (`ssca_remediationtracker_view`) Create/Edit (`ssca_remediationtracker_edit`) Close (`ssca_remediationtracker_close`)	Active

Webhooks

Resource	Permissions	Status
Webhooks	View (`core_gitxWebhooks_view`) Create/Edit (`core_gitxWebhooks_edit`) Delete (`core_gitxWebhooks_delete`)	Active

Notifications

Resource	Permissions	Status
Notification Rules	View (`core_notificationrule_view`) Create/Edit (`core_notificationrule_edit`) Delete (`core_notificationrule_delete`)	EXPERIMENTAL
Notification Channels	View (`core_notificationchannel_view`) Create/Edit (`core_notificationchannel_edit`) Delete (`core_notificationchannel_delete`)	EXPERIMENTAL
Legacy Notifications	View (`core_notification_view`) Create/Edit (`core_notification_edit`) Delete (`core_notification_delete`)	DEPRECATED

Input Sets

Resource	Permissions	Status
Input Sets	View Input Set (`core_inputset_view`) Create/Edit Input Set (`core_inputset_edit`) Delete Input Set (`core_inputset_delete`)	Active

Module-specific permissions

Chaos Engineering

Resource	Permissions	Status
Chaos Infrastructure	View (`chaos_chaosinfrastructure_view`) Create/Edit (`chaos_chaosinfrastructure_edit`) Delete (`chaos_chaosinfrastructure_delete`)	Active
Chaos Gameday	View (`chaos_chaosgameday_view`) Create/Edit (`chaos_chaosgameday_edit`) Delete (`chaos_chaosgameday_delete`)	Active
Chaos Hub	View: View Chaos experiments and Chaos scenarios (`chaos_chaoshub_view`) Create/Edit: Connect to ChaosHub Git repo (`chaos_chaoshub_edit`) Delete: Disconnect ChaosHub Git repo (`chaos_chaoshub_delete`)	Active
Chaos Experiment	View (`chaos_chaosexperiment_view`) Create/Edit (`chaos_chaosexperiment_edit`) Delete (`chaos_chaosexperiment_delete`) Execute (`chaos_chaosexperiment_execute`) Execute Pipeline (`chaos_chaosexperiment_executepipeline`)	Active
Chaos Probe	View (`chaos_chaosprobe_view`) Create/Edit (`chaos_chaosprobe_edit`) Delete (`chaos_chaosprobe_delete`)	Active
Chaos Security Governance	View (`chaos_chaossecuritygovernance_view`) Create/Edit (`chaos_chaossecuritygovernance_edit`) Delete (`chaos_chaossecuritygovernance_delete`)	Active
Chaos Image Registry	View (`chaos_chaosimageregistry_view`) Create/Edit (`chaos_chaosimageregistry_edit`)	Active

Cloud Cost Management

Resource	Permissions	Status
Currency Preferences	View (`ccm_currencyPreference_view`) Create/Edit (`ccm_currencyPreference_edit`)	Active
Overview	View (`ccm_overview_view`)	Active
Cost Categories	View (`ccm_costCategory_view`) Create/Edit (`ccm_costCategory_edit`) Delete (`ccm_costCategory_delete`)	Active
Folders	View (`ccm_folder_view`) Create/Edit (`ccm_folder_edit`) Delete (`ccm_folder_delete`)	Active
Perspectives	View (`ccm_perspective_view`) Create/Edit (`ccm_perspective_edit`) Delete (`ccm_perspective_delete`)	Active
AutoStopping Rules	View (`ccm_autoStoppingRule_view`) Create/Edit (`ccm_autoStoppingRule_edit`) Delete (`ccm_autoStoppingRule_delete`)	Active
Budgets	View (`ccm_budget_view`) Create/Edit (`ccm_budget_edit`) Delete (`ccm_budget_delete`)	Active
Load Balancer	View (`ccm_loadBalancer_view`) Create/Edit (`ccm_loadBalancer_edit`) Delete (`ccm_loadBalancer_delete`)	Active
Data Scope	View (`ccm_dataScope_view`)	Active
Anomalies	View (`ccm_anomalies_view`)	Active
Recommendations	View (`ccm_recommendations_view`) Manage (`ccm_recommendations_manage`)	Active
Commitment Orchestrator	View (`ccm_commitmentOrchestrator_view`) Edit (`ccm_commitmentOrchestrator_edit`)	Active
Cluster Orchestrator	View (`ccm_clusterOrchestrator_view`) Edit (`ccm_clusterOrchestrator_edit`)	Experimental
Cloud Asset Governance Rule	View (`ccm_cloudAssetGovernanceRule_view`) Create/Edit (`ccm_cloudAssetGovernanceRule_edit`) Delete (`ccm_cloudAssetGovernanceRule_delete`) Execute (`ccm_cloudAssetGovernanceRule_execute`)	Active
Cloud Asset Governance Rule Set	View (`ccm_cloudAssetGovernanceRuleSet_view`) Create/Edit (`ccm_cloudAssetGovernanceRuleSet_edit`) Delete (`ccm_cloudAssetGovernanceRuleSet_delete`)	Active
Cloud Asset Governance Enforcement	View (`ccm_cloudAssetGovernanceEnforcement_view`) Create/Edit (`ccm_cloudAssetGovernanceEnforcement_edit`) Delete (`ccm_cloudAssetGovernanceEnforcement_delete`)	Active

Code Repository

Resource	Permissions	Status
Repository	View (`code_repo_view`) Create/Edit (Create repositories and edit repository settings, such as descriptions, webhooks, and rules) (`code_repo_edit`) Delete (`code_repo_delete`) Push (Repository contributor permissions, such as committing, pushing, creating/deleting branches, creating/deleting tags) (`code_repo_push`) Report commit check : Report a Status Check Result on a Commit (`code_repo_reportCommitCheck`) Review PR: Review Pull Requests in a Code Repository (`code_repo_review`) Create Repository (`code_repo_create`)	Active

Feature Flags

Resource	Permissions	Status
Feature flags	View (`ff_featureflag_view`) Toggle: Turn Feature Flags on/off (`ff_featureflag_toggle`) Create/Edit Flag (`ff_featureflag_edit`) Edit Rule (`ff_featureflag_rulesEdit`) Edit Configuration (`ff_featureflag_configEdit`) Delete (`ff_featureflag_delete`)	Active
Target Management	View: View Targets and Target Groups (`ff_targetgroup_view`) Create/Edit: Create and edit Targets and Target Groups to control visibility of a variation of a Feature Flag (`ff_targetgroup_edit`) Delete: Delete Targets and Target Groups (`ff_targetgroup_delete`)	Active
Feature Flag	Create (`ff_featureflag_create`)	Active
Target	View (`ff_target_view`)	Active
Environment	View (`ff_environment_view`) Edit (`ff_environment_edit`) Target Group Edit (`ff_environment_targetGroupEdit`)	Active
Proxy API Keys	View (`ff_proxyapikey_view`) Create (`ff_proxyapikey_create`) Edit (`ff_proxyapikey_edit`) Delete (`ff_proxyapikey_delete`) Rotate (`ff_proxyapikey_rotate`)	Active

GitOps

Resource	Permissions	Status
Clusters	View (`gitops_cluster_view`) Create/Edit (`gitops_cluster_edit`) Delete (`gitops_cluster_delete`)	Active
Agents	View (`gitops_agent_view`) Create/Edit (`gitops_agent_edit`) Delete (`gitops_agent_delete`)	Active
GnuPG Keys	View (`gitops_gpgkey_view`) Create/Edit (`gitops_gpgkey_edit`) Delete (`gitops_gpgkey_delete`)	Active
Repository Certificates	View (`gitops_gpgkey_view`) Create/Edit (`gitops_gpgkey_edit`) Delete (`gitops_gpgkey_delete`)	Active
Applications	View (`gitops_application_view`) Create/Edit (`gitops_application_edit`) Delete (`gitops_application_delete`) Sync: Deploy applications (`gitops_application_sync`)	Active
Application Sets	View (`gitops_applicationset_view`) Create/Edit (`gitops_applicationset_edit`) Delete (`gitops_applicationset_delete`)	Experimental
Repositories	View (`gitops_repository_view`) Create/Edit (`gitops_repository_edit`) Delete (`gitops_repository_delete`)	Active
Certificates	View (`gitops_cert_view`) Create/Edit (`gitops_cert_edit`) Delete (`gitops_cert_delete`)	Active

Infrastructure as Code

Resource	Permissions	Status
IACM Workspaces	View (`iac_workspace_view`) Create/Edit (`iac_workspace_edit`) Delete (`iac_workspace_delete`) Create/Edit Variables (`iac_workspace_editvariable`) Delete Variables (`iac_workspace_deletevariable`) Approve (`iac_workspace_approve`) Access State (`iac_workspace_accessstate`)	Active
Registry	View (`iac_registry_view`) Create/Edit (`iac_registry_edit`) Delete (`iac_registry_delete`)	Active
Variable Sets	View (`iac_variableset_view`) Create/Edit (`iac_variableset_edit`) Delete (`iac_variableset_delete`)	Experimental

Service Reliability

Resource	Permissions	Status
SLO	View (`chi_slo_view`) Create/Edit (`chi_slo_edit`) Delete (`chi_slo_delete`)	Active
Monitored Services	View (`chi_monitoredservice_view`) Create/Edit (`chi_monitoredservice_edit`) Delete (`chi_monitoredservice_delete`) Toggle: Toggle Monitored Services on/off (`chi_monitoredservice_toggle`)	Active
Downtime	View (`chi_downtime_view`) Create/Edit (`chi_downtime_edit`) Delete (`chi_downtime_delete`)	Active

Security Tests

Resource	Permissions	Status
Issues	View (`sto_issue_view`)	Active
Scans	View (`sto_scan_view`)	Active
Test Targets	View (`sto_testtarget_view`) Create/Edit (`sto_testtarget_edit`)	Active
Exemptions	View (`sto_exemption_view`) Create/Edit (`sto_exemption_create`) Approve/Reject (`sto_exemption_approve`)	Active
External Tickets	View (`sto_ticket_view`) Create/Edit (`sto_ticket_edit`) Delete (`sto_ticket_delete`)	Active

Internal Developer Portal

Resource	Permissions	Status
Plugins	View (`idp_plugin_view`) Create/Edit (`idp_plugin_edit`) Toggle (`idp_plugin_toggle`) Delete (`idp_plugin_delete`)	Active
Scorecards	View (`idp_scorecard_view`) Create/Edit (`idp_scorecard_edit`) Delete (`idp_scorecard_delete`)	Active
Layouts	View (`idp_layout_view`) Create/Edit (`idp_layout_edit`)	Active
Catalog Access Policies	View (`idp_catalogaccesspolicy_view`) Create (`idp_catalogaccesspolicy_create`) Edit (`idp_catalogaccesspolicy_edit`) Delete (`idp_catalogaccesspolicy_delete`)	Active
Integrations	View (`idp_integration_view`) Create (`idp_integration_create`) Edit (`idp_integration_edit`) Delete (`idp_integration_delete`)	Active
Advanced Configurations	View (`idp_advancedconfiguration_view`) Create/Edit (`idp_advancedconfiguration_edit`) Delete (`idp_advancedconfiguration_delete`)	Active
Catalog	View (`idp_catalog_view`) Create/Edit (`idp_catalog_edit`) Delete (`idp_catalog_delete`)	Active
Workflow	View (`idp_workflow_view`) Create/Edit (`idp_workflow_edit`) Delete (`idp_workflow_delete`) Execute (`idp_workflow_execute`)	Active

Continuous Error Tracking

Resource	Permissions	Status
Tokens	View (`cet_token_view`) Create/Edit (`cet_token_create`) Revoke (`cet_token_revoke`)	Active
Critical Events	View (`cet_criticalevent_view`) Create/Edit (`cet_criticalevent_create`) Delete (`cet_criticalevent_delete`)	Active
Agents	View (`cet_agents_view`)	Active

Database DevOps

Resource	Permissions	Status
Schemas	View (`dbops_schema_view`) Create/Edit (`dbops_schema_edit`) Delete (`dbops_schema_delete`)	Active
Instances	View (`dbops_instance_view`) Create/Edit (`dbops_instance_edit`) Delete (`dbops_instance_delete`)	Active

Artifact Management

Resource	Permissions	Status
Artifact Registry	View (`artifact_artregistry_view`) Create/Edit (`artifact_artregistry_edit`) Delete (`artifact_artregistry_delete`) Upload Artifact (`artifact_artregistry_uploadartifact`) Download Artifact (`artifact_artregistry_downloadartifact`) Delete Artifact (`artifact_artregistry_deleteartifact`)	Active

Software Engineering Insights

Resource	Permissions	Status
SEI Collections	View (`sei_seicollections_view`) Create (`sei_seicollections_create`) Edit (`sei_seicollections_edit`) Delete (`sei_seicollections_delete`)	Active
SEI Configuration Settings	View (`sei_seiconfigurationsettings_view`) Create (`sei_seiconfigurationsettings_create`) Edit (`sei_seiconfigurationsettings_edit`) Delete (`sei_seiconfigurationsettings_delete`)	Active
SEI Data Settings	View (`sei_seidatasettings_view`) Create (`sei_seidatasettings_create`) Edit (`sei_seidatasettings_edit`) Delete (`sei_seidatasettings_delete`)	Active
SEI Insights	View (`sei_seiinsights_view`) Create (`sei_seiinsights_create`) Edit (`sei_seiinsights_edit`) Delete (`sei_seiinsights_delete`)	Active
SEI Insight Categories	View (`sei_seiinsightscategory_view`)	Active
SEI Teams	View (`sei_seiteams_view`) Create (`sei_seiteams_create`) Edit (`sei_seiteams_edit`) Delete (`sei_seiteams_delete`)	Active
SEI Profiles	View (`sei_seiprofiles_view`) Create (`sei_seiprofiles_create`) Edit (`sei_seiprofiles_edit`) Delete (`sei_seiprofiles_delete`)	Active

Feature Management and Experimentation

Resource	Permissions	Status
FME Environment	View (`fme_fmeenvironment_view`) Create/Edit (`fme_fmeenvironment_edit`) SDK API Key View (`fme_fmeenvironment_sdkApiKeyView`) SDK API Key Edit (`fme_fmeenvironment_sdkApiKeyEdit`) Data Export View (`fme_fmeenvironment_dataExportView`) Data Export Edit (`fme_fmeenvironment_dataExportEdit`)	Active
FME Feature Flag	View (`fme_fmefeatureflag_view`) Create/Edit (`fme_fmefeatureflag_edit`)	Active
FME Experiment	View (`fme_fmeexperiment_view`) Create/Edit (`fme_fmeexperiment_edit`)	Active
FME Segment	View (`fme_fmesegment_view`) Create/Edit (`fme_fmesegment_edit`)	Active
FME Large Segment	View (`fme_fmelargesegment_view`) Create/Edit (`fme_fmelargesegment_edit`)	Active
FME Metric	View (`fme_fmemetric_view`) Create/Edit (`fme_fmemetric_edit`)	Active
FME Traffic Type	View (`fme_fmetraffictype_view`) Create/Edit (`fme_fmetraffictype_edit`)	Active