Skip to main content

Roles and Permissions

DataOps roles

Users' roles in the DataOps platform determine what permissions users have on projects, project features, and groups. DataOps interacts with the below primary roles:

  • Guest: A non-active contributor in private projects. They have read-only access but can leave comments on projects.
  • Reporter: A read-only contributor who can't write in the repository but can on issues.
  • Developer: A direct contributor with full access unless something has been explicitly restricted.
  • Maintainer: A super-developer who can commit to the main branch and deploy to production.
  • Owner: A person who has all permissions but is available only for group owners and administrators.

You can see the DataOps roles by navigating to the group or project information and selecting Members.

DataOps roles listed in the UI __shadow__

When you add a user to a project or group, you assign them a role. The role determines which actions they can take on the group or project. The highest role is used if a user is in a project's group and the project itself.

User permissions

Users in DataOps are assigned permissions based on different levels of access. The following sections provide details for permissions at each level.

Repository permissions

ActionGuestReporterDeveloperMaintainerOwner
View repository analyticsNoYesYesYesYes
Pull project codeYesYesYesYesYes
View project codeYesYesYesYesYes
View a commit statusNoYesYesYesYes
Add tagsNoNoYesYesYes
Create new branchesNoNoYesYesYes
Create or update commit statusNoNoYesYesYes
Force push to non-protected branchesNoNoYesYesYes
Push to non-protected branchesNoNoYesYesYes
Remove non-protected branchesNoNoYesYesYes
Rewrite or remove Git tagsNoNoYesYesYes
Enable or disable branch protectionNoNoNoYesYes
Enable or disable tag protectionNoNoNoYesYes
Manage push rulesNoNoNoYesYes
Push to protected branchesNoNoNoYesYes
Turn on or off protected branch push for developersNoNoNoYesYes
Remove fork relationshipNoNoNoNoYes
Force push to protected branchesNoNoYesNoNo
Remove protected branchesNoNoNoNoNo

Merge requests permissions

ActionGuestReporterDeveloperMaintainerOwner
View analyticsYesYesYesYesYes
Assign reviewerNoYesYesYesYes
Apply code change suggestionsNoNoYesYesYes
See listNoYesYesYesYes
ApproveNoNoYesYesYes
AssignNoNoYesYesYes
CreateNoNoYesYesYes
Add labelNoNoYesYesYes
Lock threadNoNoYesYesYes
Manage or acceptNoNoYesYesYes
Manage merge approval rulesNoNoNoYesYes
DeleteNoNoNoNoYes
Manage or acceptNoNoYesYesYes
Manage or acceptNoNoYesYesYes
Manage or acceptNoNoYesYesYes

CI/CD permissions

ActionGuestReporterDeveloperMaintainerOwner
View pipeline details pageYesYesYesYesYes
View pipelines pageYesYesYesYesYes
View pipelines tab in MRYesYesYesYesYes
View vulnerabilities in a pipelineYesYesYesYesYes
Run CI/CD pipeline for a protected branchNoNoYesYesYes
Use pipeline editorNoNoYesYesYes
Delete pipelinesNoNoNoNoYes
View a list of jobsYesYesYesYesYes
View job logs and job details pageYesYesYesYesYes
Cancel and retry jobsNoNoYesYesYes
Delete job logs or job artifactsNoNoYesYesYes
View a job with debug loggingNoNoYesYesYes
Manage job triggersNoNoNoYesYes

Roles and licenses mapping

DataOps provides you with two types of licenses: developer users and operator users.

The developer user license has full access to all features and is intended for project owners, maintainers, and developers. The operator user license has more limited access and is intended for guests and reporters.

The following table describes the license access rights per role:

LicensesPermissionsIntended Roles
Developer usersDevelop and maintain code
Raise/review merge requests
Run pipelines
Manage branches/tags
All reporter user features
Developer
Maintainer
Owners
Operator usersView project code
Access test reports
Review pipelines logs
Manage issues
Guests
Reporters
Guest Users

The Guest role is different from Guest users. When a user is given the Guest role on a project, group, or both, and holds no higher permission level on any other project or group on the instance, the user is considered a guest user and does not consume a license seat.