Environment Manager allows you to configure fine grained permissions to view and manage your environments.
N.B. By default, all permissions are granted to standard JIRA groups (jira-administrators, jira-users, jira-software-users, jira-core-users and jira-servicedesk-users). If you do not use these defaults groups in your JIRA instance you have to add on your own the permissions to the groups your users belong to as described below.
Change the default setup only if you have well understood the concepts described below.
Environment Permission Scheme
If you have a subset of environments that should be managed by a dedicated team of users and which required specific permissions, you must create a new Environment Permission Scheme. An Environment Permission Scheme allows you to group Environments that share the same lifecycle/owners. Each Environment belongs to only ONE Environment Permissions Scheme. You can define as many different Environment Permission Schemes as you want.
For example, in certain organization, the development and integration environments are managed directly by the development and testing team and staging and pre-production environment are managed by a dedicated Infrasctructure or Middleware team.
Another use case would be to avoid showing the full list of environments for a group of users that only works on a limited number of applications and environments.
In the 2 examples above, you must create different Environment Permission Schemes and map them to different Environment Roles.
An Environment Role belongs to an Environment Permission Scheme. It is defined by a set of Environment Teams that are allowed to do certain operations based on a list of Permissions. You can define as many roles as you want for each Environment Family.
When creating an Environment Role you must specify :
- the list of Permissions that are granted to play this role
- the list of Environment Teams that will play this role
For example, you can create a new “Deployer” role with the “deploy” permission and associate it to the “Deployers” Environment Team (read below to understand how to create an Environment Team).
An Environment Team is a subset of jira users that can play many Environment Roles. To define users who are members of an Environment Team, you associate it to a list of existing jira groups. All users who are members of at least one group associated to the Environment Team is considered as member of this Environment Team.
There are pre-defined Environment Teams that cannot be modified :
- Jira Administrators: All users belonging to jira-administrators group
- Jira Users: All users belonging to jira-users group
Jira ServiceDesk Users: All users belonging to jira-servicedesk-users group
Jira Software Users: All users belonging to jira-software-users group
Jira Core: Users All users belonging to jira-core-users group
Anyone: Any users with or without Jira account (Since version 6.0)
Note that one Environment Team can be re-used by different Environment Roles.
An Environment Permission is a set of operations that can be granted to different Environment Roles. The list of Environment Permissions is pre-defined :
- “Browse Environments” : allows users to view the environment
- “Edit Environments” : allows users to edit an existing environment
- “Create and Delete Environments” : allows users to create/delete environments
- “Deploy Version” : allows users to change the deployed version of an environment
- “Change Status” : allows users to change the status of an environment
- “Manage Applications” (since version 3.5) : allows users to create/update/delete applications
- “Manage Categories” (since version 3.5) : allows users to create/update/delete environment categories
- “Manage Events and Calendars” (since version 4) : allows users to create/update/delete environment planned events and calendars
- (NEW since version 4.8) “Manage Deployments” : allows users to delete/create new deployment at any date in the past
- (NEW since version 5.3)
“View Secured Attributes” : allows users to view secured attributes value (more information about secured attributes here)
- (NEW since version 5.3)
“Edit Secured Attributes” : allows users to view and modify secured attributes value (more information about secured attributes here)
N.B. Change the default setup only if you have understood the concepts described above.
To change default setup, open main “Environments” menu and look at the “Security” section :
- click on Manage Teams sub menu to add/modify/delete Environment Teams
- click on Manage Permission Schemes to add/modify/delete Permission Schemes
- click on Manage Roles sub menu to add/modify/delete Environment Roles (screenshot below)
Environment Gadgets visible to people without Jira accounts
Giving the "Browse Environments" permission to the "Anyone" team will make the Environment information public. It will then be possible to display Environment Gadgets on the Jira System Dashboard and in Confluence pages publicly accessible.