Triggers and RBAC
This content is for Harness FirstGen. Switch to NextGen. A Trigger involves multiple settings, including Service, Environment, and Workflow specifications. Harness examines these components as you set up a Trigger.
You might be authorized for one component selected in a Trigger, such as a Service, but not another, such as an Environment. In these cases, an error message will alert you to missing authorizations.
To determine if you are authorized to create Triggers for a particular Environment or other components, review:
- All the permissions of your Harness User Group. The User Group Application Permissions should include the Deployments Permission Type and Execute Workflow and/or Execute Pipeline Action for the Harness Application(s) with the Triggers you want Users to execute.
- The Usage Scope of the Cloud Provider, and of any other Harness connectors you have set up.
For further details, see Managing Users and Groups (RBAC) and Connectors Overview.
Below are some errors that can occur.
User does not have "Deployment: execute" permission
Error messages of the form User does not have "Deployment: execute" permission
indicate that your user group's Application Permissions > Action settings do not include execute in the scope of the specified Application and/or Environment. To resolve this, see Application Permissions.
User not authorized
The following error message indicates that a non-Administrator has tried to submit a Trigger whose Workflow Variables: Environment field is configured with a variable, rather than with a static Environment name:
User not authorized: Only members of the Account Administrator user group can create or update Triggers with parameterized variables
Submitting a Pipeline Trigger that includes such a Workflow will generate the same error.
One resolution is to set the Environment field to a static value. But if the Environment setting must be dynamic, a member of the Account Administrator user group will need to configure and submit the Trigger.
See Also
- You can use settings to enforce authorization on some Triggers. See Trigger a Deployment using cURL.