Access Control¶
There are several different application layer systems at work in controlling access to systems and features.
Authentication is provided by a single sign-on credential that is used to access all applications on the platform in a federated manner. Authorizations to access and use specific features are handled at the end-point of each request, and, broadly speaking, these endpoints are considered to be one of the following: Portal, GitLab, or API.
Portal¶
The Portal endpoint is the Cascade GUI used to manage projects, automation, and deployments against managed hosting systems. The Portal defines role-based permissions for interacting with platform configuration, user accounts, project configuration, and project actions. The user roles can be assigned globally or on a per-project basis.
The following user roles are available at the project and global layers: Administrator, Manager, Observer, Developer, and Deployer.
Please see the following table for details on what permissions are included per role:
Action | Administrator | Manager | Observer | Developer | Deployer |
---|---|---|---|---|---|
|
y | y | y | y | y |
View Workflow Log | y | y | y | y | y |
|
y | y | n | y | y |
|
y | y | n | y* | y |
|
y | n | n | y* | y |
|
y | n | n | y* | y |
|
y | n | n | y* | y** |
Portal Role Verification¶
System Admin Role¶
The Admin Role is only assigned globally and has permission to configure all platform options and create new projects.
To verify and account has the System Admin Role log into the Cascade portal with the target account and look in the header navigation area for the “Administration” menu. To the right of the page, also notice the presence of the “Add New Project” button. These features being activated confirm membership in the System Admin role. See the screenshot below.
Project Admin Role¶
To verify an account is a Project Admin for a given project log into the Cascade portal with the target account and navigate to the Project Overview. There should be a number of extra tabs to the left of the display below the pipelines icon (). The screenshot below demonstrates the extra tabs available starting with the Project Details.
GitLab¶
The GitLab endpoint is the integrated GitLab CE system bundled with Cascade. This includes both the GitLab GUI and all of its subcomponents and APIs.
GitLab Role Verification¶
Admin Verification¶
To check if you are a GitLab Administrator follow these instructions:
- Log into Cascade.
- Navigate to the Cascade GitLab instance, the domain for which is gitlab-[your 4th level].ab.contegix.com.
- Look for the wrench icon in your navigation bar as shown below. If you see it, you are a Gitlab Administrator.
Tip: If you are having trouble finding a link to GitLab, there is a link to “View Source Code” on every Cascade project landing page to take you there, and if you have no projects yet, the url is typically https://gitlab-ID.ab.contegix.com
API¶
The API endpoint is called by other software systems integrating with Cascade.