
Role-based access control quickstart

Harness Role-Based Access Control (RBAC) helps you manage who has access to your Harness resources, what they can do with those resources, and in what scope they have access.

Role Assignments made to Users, User Groups, and Service Accounts at a specific scope determine their permissions.

This quickstart shows how to configure Role-Based Access Control (RBAC) for Pipeline Creation, Execution, and Connector Admin.

Objectives

You will learn how to:

  • Create custom Roles.
  • Create custom Resource Groups.
  • Set up role-based access control for Pipeline Owner.
  • Set up role-based access control for Connector Admin.

Before you begin

Prerequisites

  • You must have View, Manage, and Invite permissions for Users.
  • You must have View and Manage permissions for User Groups.
  • You must have View, Create/Edit, and Delete permissions for Resource Groups.
  • You must have View, Create/Edit, and Delete permissions for Roles.
  • You must have created your Organizations and Projects. See Create Organizations and Projects.

RBAC Components

To manage access control in Harness, you must have the following components in place:

Harness provides a set of built-in Resource Groups and Roles for you to easily manage access control. For more information, see Role Assignments.

However, you can always create your own custom Resource Groups and Roles to manage access control as per your needs.

For example, you can give access to Create Pipelines within all the Projects under Org O1, but not Delete or Execute them.

The following examples create custom Resource Groups and Roles and set up RBAC with them.

Set Up RBAC for Pipeline Owner

Let us set up access control for a custom Role called Pipeline Owner.

The following components are required for this RBAC setup:

  • Principal: a User Group named Pipeline Owners.
  • Resource Group: a custom Resource Group named All Pipeline Resources.
  • Role: a custom Role named Pipeline Admin.

The following table shows the Role Assignment for a Pipeline Owner:

  • Custom Role Name: Pipeline Admin
  • Custom Resource Group Name: All Pipeline Resources
  • Resource Scope: All (including all Organizations and Projects)
  • Resources:
      ◦ Pipelines
      ◦ Secrets
      ◦ Connectors
      ◦ Delegates
      ◦ Environments
      ◦ Templates
      ◦ Variables
  • Permissions:
      ◦ View, Create/Edit, Delete, Execute Pipelines
      ◦ View, Create/Edit, Access Secrets
      ◦ View, Create/Edit, Delete, Access Connectors
      ◦ View, Create/Edit Delegates
      ◦ View, Create/Edit, Access Environments
      ◦ View, Create/Edit, Access Templates
      ◦ View, Create/Edit Variables

    Step 1: Create a User Group

    1. In your Harness Account, click Account Settings.
    2. Click Access Control.
    3. In User Groups, click New User Group. The New User Group settings appear.
    4. Enter a Name for your User Group. In this case, enter Pipeline Owners.
    5. Enter Description and Tags for your User Group.
    6. Select Users under Add Users.
    7. Click Save.

    Your User Group is now listed under User Groups.

    Step 2: Create a Custom Resource Group

    1. In your Harness Account, click Account Settings.
    2. Click Access Control.
    3. In Resource Groups, click New Resource Group. The New Resource Group settings appear.
    4. Enter a Name for your Resource Group. In this case, enter All Pipeline Resources.
    5. Enter Description and Tags for your Resource Group.
    6. Click Save.
    7. In Resource Scope, select All (including all Organizations and Projects). This means the Principal can access the specified resources within the Account as well as those within the Organizations and their Projects.
    8. In Resources, select Specified.
    9. Select the following resources:
      1. Environments
      2. Variables
      3. Templates
      4. Secrets
      5. Delegates
      6. Connectors
      7. Pipelines
    10. Click Save.

    Step 3: Create a Custom Role

    1. In your Harness Account, click Account Settings.
    2. Click Access Control.
    3. In Roles, click New Role. The New Role settings appear.
    4. Enter a Name for your Role. In this case, enter Pipeline Admin.
    5. Enter optional Description and Tags for your Role.
    6. Click Save.
    7. Select the following permissions for the resources:
      1. View, Create/Edit, Delete, Execute Pipelines
      2. View, Create/Edit, Access Secrets
      3. View, Create/Edit, Delete, Access Connectors
      4. View, Create/Edit Delegates
      5. View, Create/Edit, Access Environments
      6. View, Create/Edit, Access Templates

    Step 4: Assign Role Permission to the User Group

    Now complete the Role Assignment for the User Group to finish the RBAC setup for Pipeline Owner.

    1. In your Harness Account, click Account Settings.
    2. Click Access Control.
    3. In User Groups, locate the User Group you just created and click on Role. The Add Role settings appear.
    4. In Assign Role Bindings, click Add.
    5. In Role, select the custom Role that you created.
    6. In Resource Group, select the custom Resource Group you just created.
    7. Click Apply.
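
The Role Assignment built in Steps 1 to 4 can be reasoned about as data: access is granted only when the principal, the scope, the Resource Group, and the Role's permissions all match. The following Python model is an added example, not Harness code or the Harness API. It uses the names and permissions from the Role Assignment table above; the classes, the `include_child_scopes` flag, the tuple encoding of scopes, and `is_allowed()` are assumptions made for illustration.

```python
# Added illustration: a minimal model of the Pipeline Owner role assignment.
# Names mirror the table on this page; the data structures and is_allowed()
# are hypothetical and are not Harness's API or implementation.
from dataclasses import dataclass

@dataclass
class Role:
    name: str
    permissions: dict  # resource type -> set of allowed actions

@dataclass
class ResourceGroup:
    name: str
    resources: frozenset
    include_child_scopes: bool  # True models "All (including all Organizations and Projects)"

@dataclass
class RoleAssignment:
    principal: str  # User Group name
    role: Role
    resource_group: ResourceGroup
    scope: tuple    # () = Account, ("O1",) = Org, ("O1", "P1") = Project

PIPELINE_ADMIN = Role("Pipeline Admin", {
    "Pipelines": {"View", "Create/Edit", "Delete", "Execute"},
    "Secrets": {"View", "Create/Edit", "Access"},
    "Connectors": {"View", "Create/Edit", "Delete", "Access"},
    "Delegates": {"View", "Create/Edit"},
    "Environments": {"View", "Create/Edit", "Access"},
    "Templates": {"View", "Create/Edit", "Access"},
    "Variables": {"View", "Create/Edit"},
})
ALL_PIPELINE_RESOURCES = ResourceGroup(
    "All Pipeline Resources",
    frozenset({"Pipelines", "Secrets", "Connectors", "Delegates",
               "Environments", "Templates", "Variables"}),
    include_child_scopes=True)
ASSIGNMENTS = [RoleAssignment("Pipeline Owners", PIPELINE_ADMIN,
                              ALL_PIPELINE_RESOURCES, scope=())]

def is_allowed(groups, action, resource, target_scope, assignments=ASSIGNMENTS):
    """Allow only if one assignment covers principal, scope, resource and action."""
    for a in assignments:
        if a.principal not in groups:
            continue
        in_scope = target_scope == a.scope or (
            a.resource_group.include_child_scopes
            and target_scope[:len(a.scope)] == a.scope)
        if (in_scope and resource in a.resource_group.resources
                and action in a.role.permissions.get(resource, set())):
            return True
    return False  # default deny: nothing matched
```

The effective permission is the intersection of the Role and the Resource Group: pairing Pipeline Admin with a narrower Resource Group removes access to every resource type the group does not list, even though the Role still names it.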

    Next steps