These access rights are also used by to the runtime-manager microservice.
In order for users to view resources within the Application Manager, they must have, in addition to the appropriate
role_apps_manage_<scope> role, at least read access on each resource.Available access scopes
-
manage-applications
- Scopes:
- read
- Roles:
ROLE_APPS_MANAGE_READROLE_APPS_MANAGE_IMPORTROLE_APPS_MANAGE_EDITROLE_APPS_MANAGE_ADMIN
- Roles:
- edit
- Roles:
ROLE_APPS_MANAGE_EDITROLE_APPS_MANAGE_ADMIN
- Roles:
- import
- Roles:
ROLE_APPS_MANAGE_IMPORTROLE_APPS_MANAGE_EDITROLE_APPS_MANAGE_ADMIN
- Roles:
- admin
- Roles:
ROLE_APPS_MANAGE_ADMIN
- Roles:
- read
- Scopes:
-
manage-app-dependencies
- Scopes:
- read
- Roles:
ROLE_APP_DEPENDENCIES_MANAGE_READROLE_APP_DEPENDENCIES_MANAGE_EDITROLE_APP_DEPENDENCIES_MANAGE_ADMIN
- Roles:
- edit
- Roles:
ROLE_APP_DEPENDENCIES_MANAGE_EDITROLE_APP_DEPENDENCIES_MANAGE_ADMIN
- Roles:
- admin
- Roles:
ROLE_APP_DEPENDENCIES_MANAGE_ADMIN
- Roles:
- read
- Scopes:
-
manage-builds
- Scopes:
- read
- Roles:
ROLE_BUILDS_MANAGE_READROLE_BUILDS_MANAGE_EDITROLE_BUILDS_MANAGE_IMPORTROLE_BUILDS_MANAGE_ADMIN
- Roles:
- edit
- Roles:
ROLE_BUILDS_MANAGE_EDITROLE_BUILDS_MANAGE_ADMIN
- Roles:
- import
- Roles:
ROLE_BUILDS_MANAGE_IMPORTROLE_BUILDS_MANAGE_EDITROLE_BUILDS_MANAGE_ADMIN
- Roles:
- admin
- Roles:
ROLE_BUILDS_MANAGE_ADMIN
- Roles:
- read
- Scopes:
-
manage-active-policy
- Scopes:
- read
- Roles:
ROLE_ACTIVE_POLICY_MANAGE_READROLE_ACTIVE_POLICY_MANAGE_EDIT
- Roles:
- edit
- Roles:
ROLE_ACTIVE_POLICY_MANAGE_EDIT
- Roles:
- read
- Scopes:
-
manage-app-configs
- Scopes:
- read
- Roles:
ROLE_APP_CONFIG_MANAGE_READROLE_APP_CONFIG_MANAGE_IMPORTROLE_APP_CONFIG_MANAGE_EDITROLE_APP_CONFIG_MANAGE_ADMIN
- Roles:
- edit
- Roles:
ROLE_APP_CONFIG_MANAGE_EDITROLE_APP_CONFIG_MANAGE_ADMIN
- Roles:
- import
- Roles:
ROLE_APP_CONFIG_MANAGE_IMPORTROLE_APP_CONFIG_MANAGE_EDITROLE_APP_CONFIG_MANAGE_ADMIN
- Roles:
- admin
- Roles:
ROLE_APP_CONFIG_MANAGE_ADMIN
- Roles:
- read
- Scopes:
-
manage-app-configs-overrides
- Scopes:
- read
- Roles:
ROLE_APP_CONFIG_OVERRIDES_MANAGE_READROLE_APP_CONFIG_OVERRIDES_MANAGE_IMPORTROLE_APP_CONFIG_OVERRIDES_MANAGE_EDITROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN
- Roles:
- import
- Roles:
ROLE_APP_CONFIG_OVERRIDES_MANAGE_IMPORTROLE_APP_CONFIG_OVERRIDES_MANAGE_EDITROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN
- Roles:
- edit
- Roles:
ROLE_APP_CONFIG_OVERRIDES_MANAGE_EDITROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN
- Roles:
- admin
- Roles:
ROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN
- Roles:
- read
- Scopes:
Permissions explained
manage-applications - Scope: read
manage-applications - Scope: read
- Permissions:
- Can view Projects entry in main menu
- Add icon for Applications and Libraries sections is hidden - cannot add application or library
- Can view application or library Config view in read-only mode (for draft application versions) with action buttons hidden
- Can export application version
- Restrictions:
- Cannot start a draft application version
- Cannot discard changes
- Cannot create build
- Cannot create new branch
- Cannot import application version
- Cannot commit a draft application version
- Cannot merge branches
- Can view draft application version in read-only mode with buttons hidden
- Roles allowed:
ROLE_APPS_MANAGE_READROLE_APPS_MANAGE_IMPORTROLE_APPS_MANAGE_EDITROLE_APPS_MANAGE_ADMIN
manage-applications - Scope: edit
manage-applications - Scope: edit
- Permissions:
- Can view Projects entry in main menu
- Can create new application or library
- Can merge branches
- Can create new branch
- Can start new application version
- Can submit application version
- Cannot delete application - Delete icon in contextual menu is hidden
- Roles allowed:
ROLE_APPS_MANAGE_EDITROLE_APPS_MANAGE_ADMIN
manage-applications - Scope: import
manage-applications - Scope: import
- Permissions:
- Can view Import Version entry on:
- Projects page
- Application versioning overlay
- Can view Export version button on application versioning overlay
- Can view Import Version entry on:
- Roles allowed:
ROLE_APPS_MANAGE_IMPORTROLE_APPS_MANAGE_EDITROLE_APPS_MANAGE_ADMIN
manage-applications - Scope: admin
manage-applications - Scope: admin
- Permissions:
- All permissions under read, edit, import
- Can delete application or library
- Roles allowed:
ROLE_APPS_MANAGE_ADMIN
manage-builds - Scope: read
manage-builds - Scope: read
- Permissions:
- Can view Builds entry in application Runtime tab menu
- Can view Builds page
- Can view Builds content (contextual menu > Build contents)
- Cannot import build
- Projects page > Import icon > Import build is not shown
- Roles allowed:
ROLE_BUILDS_MANAGE_READROLE_BUILDS_MANAGE_EDITROLE_BUILDS_MANAGE_IMPORTROLE_BUILDS_MANAGE_ADMIN
manage-builds - Scope: edit
manage-builds - Scope: edit
- Permissions:
- Can see Create build button on Application Versioning overlay for a committed application version
- Roles allowed:
ROLE_BUILDS_MANAGE_EDITROLE_BUILDS_MANAGE_ADMIN
manage-builds - Scope: import
manage-builds - Scope: import
- Permissions:
- Can view Builds entry in application Runtime tab menu
- Can import builds
- Roles allowed:
ROLE_BUILDS_MANAGE_EDITROLE_BUILDS_MANAGE_IMPORTROLE_BUILDS_MANAGE_ADMIN
manage-builds - Scope: admin
manage-builds - Scope: admin
- Permissions:
- Can do all of the above
- Roles allowed:
ROLE_BUILDS_MANAGE_ADMIN
manage-active-policy - Scope: read
manage-active-policy - Scope: read
- Permissions:
- Can view Active policy entry in application Runtime tab menu
- Can view Active policy page in read-only mode - Fields and Save button are hidden
- Roles allowed:
ROLE_ACTIVE_POLICY_MANAGE_READROLE_ACTIVE_POLICY_MANAGE_EDIT
manage-active-policy - Scope: edit
manage-active-policy - Scope: edit
- Permissions:
- All permissions under read
- Can update active policy settings - fields and save button are enabled
- Roles allowed:
ROLE_ACTIVE_POLICY_MANAGE_EDIT
manage-app-configs - Scope: read
manage-app-configs - Scope: read
- Permissions:
- Can view Configuration parameters in Application Config View menu
- Can view Configuration parameters page in read-only mode
- Roles allowed:
ROLE_APP_CONFIG_MANAGE_READROLE_APP_CONFIG_MANAGE_IMPORTROLE_APP_CONFIG_MANAGE_EDITROLE_APP_CONFIG_MANAGE_ADMIN
manage-app-configs - Scope: import
manage-app-configs - Scope: import
- Permissions:
- All permissions under read
- Can import configuration parameters
- Roles allowed:
ROLE_APP_CONFIG_MANAGE_IMPORTROLE_APP_CONFIG_MANAGE_EDITROLE_APP_CONFIG_MANAGE_ADMIN
manage-app-configs - Scope: edit
manage-app-configs - Scope: edit
- Permissions:
- All permissions under read
- Can add/edit/delete configuration parameters
- Cannot import configuration parameters
- Roles allowed:
ROLE_APP_CONFIG_MANAGE_EDITROLE_APP_CONFIG_MANAGE_ADMIN
manage-app-configs - Scope: admin
manage-app-configs - Scope: admin
- Permissions:
- All permissions for read, edit, import
- Roles allowed:
ROLE_APP_CONFIG_MANAGE_ADMIN
manage-app-configs-overrides - Scope: read
manage-app-configs-overrides - Scope: read
- Permissions:
- Can view Configuration parameters overrides in Application Runtime View menu
- Can view Configuration parameters overrides page in read-only mode:
- cannot add configuration param override
- cannot edit a configuration param override
- cannot delete a configuration param override
- Roles allowed:
ROLE_APP_CONFIG_OVERRIDES_MANAGE_READROLE_APP_CONFIG_OVERRIDES_MANAGE_IMPORTROLE_APP_CONFIG_OVERRIDES_MANAGE_EDITROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN
manage-app-configs-overrides - Scope: import
manage-app-configs-overrides - Scope: import
- Permissions:
- All permissions under read
- Can import configuration parameters
- Roles allowed:
ROLE_APP_CONFIG_OVERRIDES_MANAGE_IMPORTROLE_APP_CONFIG_OVERRIDES_MANAGE_EDITROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN
manage-app-configs-overrides - Scope: edit
manage-app-configs-overrides - Scope: edit
- Permissions:
- All permissions under read
- Can add/edit configuration parameters overrides
- Roles allowed:
ROLE_APP_CONFIG_OVERRIDES_MANAGE_EDITROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN
manage-app-configs-overrides - Scope: admin
manage-app-configs-overrides - Scope: admin
- Permissions:
- All permissions under read, edit, import
- Can delete app config overrides
- Roles allowed:
ROLE_APP_CONFIG_OVERRIDES_MANAGE_ADMIN
manage-app-dependencies - Scope: read
manage-app-dependencies - Scope: read
- Permissions:
- Can view Dependencies entry in Application Config view menu
- Can view Dependencies page in read-only mode
- Roles allowed:
ROLE_APP_DEPENDENCIES_MANAGE_READROLE_APP_DEPENDENCIES_MANAGE_EDITROLE_APP_DEPENDENCIES_MANAGE_ADMIN
manage-app-dependencies - Scope: edit
manage-app-dependencies - Scope: edit
- Permissions:
- All permissions under read
- Can add/edit dependencies
- Roles allowed:
ROLE_APP_DEPENDENCIES_MANAGE_EDITROLE_APP_DEPENDENCIES_MANAGE_ADMIN
manage-app-dependencies - Scope: admin
manage-app-dependencies - Scope: admin
- Permissions:
- All permissions under read, edit
- Can delete dependency
- Roles allowed:
ROLE_APP_DEPENDENCIES_MANAGE_ADMIN
Configuring access
To define or adjust access for these roles, use the following format in your environment variables:Roles must be defined in your identity provider (e.g., Keycloak, RH-SSO, Entra or any compatible provider).