Permissions reference

This topic describes permissions relevant to RBAC in Harness. For API permissions, go to the API permissions reference.

Administrative Functions

Resource	Permissions
Resource Groups	View Create/Edit Delete
Account Settings	Available at the account scope only. View Edit
Default Settings	Create/Edit
Projects	View Create Edit Delete
User Groups	View Manage: Create, edit, and delete user groups
Service Accounts	View Create/Edit Delete Manage: Create, edit, and delete API keys and tokens for service accounts
Organizations	Available at the account and org scopes only. View Create Edit Delete
Roles	View Create/Edit Delete
Streaming Destination	Available at the account scope only. View Create/Edit Delete
Users	View Manage: Edit and delete users Invite: Add users by inviting them to Harness
Authentication Settings	Available at the account scope only. View Create/Edit Delete

Environment Groups

Resource	Permissions
Environment Groups	View Create/Edit Delete Access: Can access referenced environment groups at runtime

Environments

Resource	Permissions
Environments	View Create/Edit Delete Access: Can access referenced environments at runtime Create FF SDK Key: Create Feature Flag environment key Delete FF SDK Key: Delete Feature Flag environment key

Pipelines

Resource	Permissions
Pipelines	View Create/Edit Delete Execute: Initiate pipeline runs

Services

Resource	Permissions
Services	View Create/Edit Delete Access: Can access referenced services at runtime

Shared Resources

Resource	Permissions
Templates	View Create/Edit Delete Access: Can access referenced templates at runtime Copy
Governance Policies	View Create/Edit Delete
Deployment Freeze	Manage Override Global
Secrets	View Create/Edit Delete Access: Can access referenced secrets at runtime
Connectors	View Create/Edit Delete Access: Can access referenced connectors at runtime
Governance Policy Sets	View Create/Edit Delete Evaluate: Can evaluate governance policy sets
Variables	View Create/Edit Delete
Files	View Create/Edit Delete Access
Dashboards	View Manage
Delegate Configurations	View Create/Edit Delete
Delegates	View Create/Edit Delete

Module-specific permissions

Chaos Engineering

Resource	Permissions
Chaos Infrastructure	View Create/Edit Delete
Chaos Gameday	View Create/Edit Delete
Chaos Hub	View: View Chaos experiments and Chaos scenarios Create/Edit: Connect to ChaosHub Git repo Delete: Disconnect ChaosHub Git repo
Chaos Experiment	View Create/Edit Delete Execute

Cloud Cost Management

Resource	Permissions
Currency Preferences	View Create/Edit
Overview	View
Cost Categories	View Create/Edit Delete
Folders	View Create/Edit Delete
Perspectives	View Create/Edit Delete
AutoStopping Rules	View Create/Edit Delete
Budgets	View Create/Edit Delete
Load Balancer	View Create/Edit Delete

Feature Flags

Resource	Permissions
Feature flags	Toggle: Turn Feature Flags on/off Create/Edit Delete
Target Management	Create/Edit: Create and edit Targets and Target Groups to control visibility of a variation of a Feature Flag Delete: Delete Targets and Target Groups

GitOps

Resource	Permissions
Clusters	View Create/Edit Delete
Agents	View Create/Edit Delete
GnuPG Keys	View Create/Edit Delete
Repository Certificates	View Create/Edit Delete
Applications	View Create/Edit Delete Sync: Deploy applications
Repositories	View Create/Edit Delete

Service Reliability

Resource	Permissions
SLO	View Create/Edit Delete
Monitored Services	View Create/Edit Delete Toggle: Toggle Monitored Services on/off
Downtime	View Create/Edit Delete

Security Tests

Resource	Permissions
Issues	View
Scans	View
Test Targets	View Create/Edit
Exemptions	View Create/Edit Approve/Reject
External Tickets	View Create/Edit Delete