Access Control

There are several different application layer systems at work in controlling access to systems and features.

Authentication is provided by a single sign-on credential that is used to access all applications on the platform in a federated manner. Authorizations to access and use specific features are handled at the end-point of each request, and, broadly speaking, these endpoints are considered to be one of the following: Portal, GitLab, or API.

Portal

The Portal endpoint is the Cascade GUI used to manage projects, automation, and deployments against managed hosting systems. The Portal defines role-based permissions for interacting with platform configuration, user accounts, project configuration, and project actions. The user roles can be assigned globally or on a per-project basis.

The following user roles are available at the project and global layers: Administrator, Manager, Observer, Developer, and Deployer.

Please see the following table for details on what permissions are included per role:

Action Administrator Manager Observer Developer Deployer
View Environment
[for env in 1…n]
y y y y y
View Workflow Log y y y y y
Take Database Snapshot
[for env in 1…n]
y y n y y
Checkout Code
[for env in 1…n]
y y n y* y
Merge Code from
[for env in 1…n] to [for env in 1…n]
y n n y* y
Merge Assets from
[for env in 1…n] to [for env in 1…n]
y n n y* y
Clone Database from
[for env in 1…n] to [for env in 1…n]
y n n y* y**
*Except from or to production environments
**Except from production environments

Portal Role Verification

System Admin Role

The Admin Role is only assigned globally and has permission to configure all platform options and create new projects.

To verify and account has the System Admin Role log into the Cascade portal with the target account and look in the header navigation area for the “Administration” menu. To the right of the page, also notice the presence of the “Add New Project” button. These features being activated confirm membership in the System Admin role. See the screenshot below.

My Projects listing

Project Admin Role

To verify an account is a Project Admin for a given project log into the Cascade portal with the target account and navigate to the Project Overview. There should be a number of extra tabs to the left of the display below the pipelines icon (Open the Pipelines dashboard). The screenshot below demonstrates the extra tabs available starting with the Project Details.

Project Details tab

GitLab

The GitLab endpoint is the integrated GitLab CE system bundled with Cascade. This includes both the GitLab GUI and all of its subcomponents and APIs.

GitLab Role Verification

Admin Verification

To check if you are a GitLab Administrator follow these instructions:

  1. Log into Cascade.
  2. Navigate to the Cascade GitLab instance, the domain for which is gitlab-[your 4th level].ab.contegix.com.
  3. Look for the wrench icon in your navigation bar as shown below. If you see it, you are a Gitlab Administrator.

GitLab administrator

Tip: If you are having trouble finding a link to GitLab, there is a link to “View Source Code” on every Cascade project landing page to take you there, and if you have no projects yet, the url is typically https://gitlab-ID.ab.contegix.com

API

The API endpoint is called by other software systems integrating with Cascade.