Application manager access rights
Granular access rights can be configured for restricting access to the Application-manager component.
The Application Manager component provides granular access rights, allowing users to perform various actions depending on their assigned roles and the configured scopes.
In order for users to view resources within the Application Manager, they must have, in addition to the appropriate role_apps_manage_<scope>
role, at least read access on each resource.
Available access scopes
-
manage-applications
- Scopes:
- read
- Roles:
ROLE_APPS_MANAGE_READ
ROLE_APPS_MANAGE_IMPORT
ROLE_APPS_MANAGE_EDIT
ROLE_APPS_MANAGE_ADMIN
- Roles:
- edit
- Roles:
ROLE_APPS_MANAGE_EDIT
ROLE_APPS_MANAGE_ADMIN
- Roles:
- import
- Roles:
ROLE_APPS_MANAGE_IMPORT
ROLE_APPS_MANAGE_EDIT
ROLE_APPS_MANAGE_ADMIN
- Roles:
- admin
- Roles:
ROLE_APPS_MANAGE_ADMIN
- Roles:
- read
- Scopes:
-
manage-app-dependencies
- Scopes:
- read
- Roles:
ROLE_APP_DEPENDENCIES_MANAGE_READ
ROLE_APP_DEPENDENCIES_MANAGE_EDIT
ROLE_APP_DEPENDENCIES_MANAGE_ADMIN
- Roles:
- edit
- Roles:
ROLE_APP_DEPENDENCIES_MANAGE_EDIT
ROLE_APP_DEPENDENCIES_MANAGE_ADMIN
- Roles:
- admin
- Roles:
ROLE_APP_DEPENDENCIES_MANAGE_ADMIN
- Roles:
- read
- Scopes:
-
manage-builds
- Scopes:
- read
- Roles:
ROLE_BUILDS_MANAGE_READ
ROLE_BUILDS_MANAGE_EDIT
ROLE_BUILDS_MANAGE_IMPORT
ROLE_BUILDS_MANAGE_ADMIN
- Roles:
- edit
- Roles:
ROLE_BUILDS_MANAGE_EDIT
ROLE_BUILDS_MANAGE_ADMIN
- Roles:
- import
- Roles:
ROLE_BUILDS_MANAGE_IMPORT
ROLE_BUILDS_MANAGE_EDIT
ROLE_BUILDS_MANAGE_ADMIN
- Roles:
- admin
- Roles:
ROLE_BUILDS_MANAGE_ADMIN
- Roles:
- read
- Scopes:
-
manage-active-policy
- Scopes:
- read
- Roles:
ROLE_ACTIVE_POLICY_MANAGE_READ
ROLE_ACTIVE_POLICY_MANAGE_EDIT
- Roles:
- edit
- Roles:
ROLE_ACTIVE_POLICY_MANAGE_EDIT
- Roles:
- read
- Scopes:
-
manage-app-configs
- Scopes:
- read
- Roles:
ROLE_APP_CONFIG_MANAGE_READ
ROLE_APP_CONFIG_MANAGE_IMPORT
ROLE_APP_CONFIG_MANAGE_EDIT
ROLE_APP_CONFIG_MANAGE_ADMIN
- Roles:
- edit
- Roles:
ROLE_APP_CONFIG_MANAGE_EDIT
ROLE_APP_CONFIG_MANAGE_ADMIN
- Roles:
- import
- Roles:
ROLE_APP_CONFIG_MANAGE_IMPORT
ROLE_APP_CONFIG_MANAGE_EDIT
ROLE_APP_CONFIG_MANAGE_ADMIN
- Roles:
- admin
- Roles:
ROLE_APP_CONFIG_MANAGE_ADMIN
- Roles:
- read
- Scopes:
-
manage-app-configs-overrides
- Scopes:
- read
- Roles:
ROLE_APP_CONFIG_OVERRIDES_MANAGE_READ
ROLE_APP_CONFIG_OVERRIDES_MANAGE_IMPORT
ROLE_APP_CONFIG_OVERRIDES_MANAGE_EDIT
ROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN
- Roles:
- import
- Roles:
ROLE_APP_CONFIG_OVERRIDES_MANAGE_IMPORT
ROLE_APP_CONFIG_OVERRIDES_MANAGE_EDIT
ROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN
- Roles:
- edit
- Roles:
ROLE_APP_CONFIG_OVERRIDES_MANAGE_EDIT
ROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN
- Roles:
- admin
- Roles:
ROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN
- Roles:
- read
- Scopes:
Permissions explained
Configuring access
To define or adjust access for these roles, use the following format in your environment variables:
Roles must be defined in your identity provider (e.g., Keycloak, RH-SSO, Entra or any compatible provider).
Custom roles can be configured as needed, and multiple roles can be assigned to each scope.
Was this page helpful?