Skip to main content

Roles and Permissions

DataOps roles

Users' roles in the data product platform determine what permissions users have on projects, project features, and groups. DataOps interacts with the below primary roles:

  • Reporter: A read-only contributor who can't write in the repository but can on issues.
  • Developer: A direct contributor with full access unless something has been explicitly restricted.
  • Maintainer: A super-developer who can commit to the main branch and deploy to production.
  • Owner: A person with all permissions available only for group owners and administrators.

You can see the DataOps roles by navigating to the group or project information and selecting Members.

DataOps roles listed in the UI !!shadow!!

When you add a user to a project or group, you assign them a role. The role determines which actions they can take on the group or project. The highest role is used if a user is in a project's group and the project itself.

User permissions

Users in DataOps are assigned permissions based on different levels of access. The following sections provide details for permissions at each level.

Repository permissions

ActionReporterDeveloperMaintainerOwner
View repository analyticsYesYesYesYes
Pull project codeYesYesYesYes
View project codeYesYesYesYes
View a commit statusYesYesYesYes
Add tagsNoYesYesYes
Create new branchesNoYesYesYes
Create or update commit statusNoYesYesYes
Force push to non-protected branchesNoYesYesYes
Push to non-protected branchesNoYesYesYes
Remove non-protected branchesNoYesYesYes
Rewrite or remove Git tagsNoYesYesYes
Enable or disable branch protectionNoNoYesYes
Enable or disable tag protectionNoNoYesYes
Push to protected branchesNoNoYesYes
Turn on or off protected branch push for developersNoNoYesYes
Remove fork relationshipNoNoNoYes
Force push to protected branchesNoYesNoNo
Remove protected branchesNoNoNoNo

Merge requests permissions

ActionReporterDeveloperMaintainerOwner
View analyticsYesYesYesYes
Assign reviewerYesYesYesYes
Apply code change suggestionsNoYesYesYes
See listYesYesYesYes
ApproveNoYesYesYes
AssignNoYesYesYes
CreateNoYesYesYes
Add labelNoYesYesYes
Lock threadNoYesYesYes
Manage or acceptNoYesYesYes
Manage merge approval rulesNoNoYesYes
DeleteNoNoNoYes
Manage or acceptNoYesYesYes
Manage or acceptNoYesYesYes
Manage or acceptNoYesYesYes

CI/CD permissions

ActionReporterDeveloperMaintainerOwner
View pipeline details pageYesYesYesYes
View pipelines pageYesYesYesYes
View pipelines tab in MRYesYesYesYes
View vulnerabilities in a pipelineYesYesYesYes
Run CI/CD pipeline for a protected branchNoYesYesYes
Use pipeline editorNoYesYesYes
Delete pipelinesNoNoNoYes
View a list of jobsYesYesYesYes
View job logs and job details pageYesYesYesYes
Cancel and retry jobsNoYesYesYes
Delete job logs or job artifactsNoYesYesYes
View a job with debug loggingNoYesYesYes
Manage job triggersNoNoYesYes
Allow access to projects with a job tokenYes
Note: Reporters should be granted access to the project group created to hold shared content from a custom DataOps reference project. For more information, see Allow access to projects with a job token.		NoYesYes

Roles and licenses mapping

DataOps provides you with two types of licenses: developer users and operator users.

The developer user license has full access to all features and is intended for project owners, maintainers, and developers. The operator user license has more limited access and is intended for reporters.

The following table describes the license access rights per role:

LicensesPermissionsIntended Roles
Developer usersDevelop and maintain code
Raise/review merge requests
Run pipelines
Manage branches/tags
All reporter user features		Developer
Maintainer
Owners
Operator usersView project code
Access test reports
Review pipelines logs
Manage issues		Reporters
Last updated on