Project roles are defined in a specific project by a project admin, and can grant permissions to assets within that project. You can combine global and project-specific roles within a project role to provide additional granularity when setting access permissions to projects.
When creating a new project, the project admin can create new project roles for each of the projects to which they are assigned.
Note
Note the following limitations for project roles:
Project roles must grant at least one permission (e.g., read artifacts): roles cannot be empty.
A project member (user or group) must have at least one project role assigned
Actions granted via project roles are applied to all project resources of the relevant type and environment (e.g., the read artifacts action will be permitted on all project repositories in the DEV environment)
The following example demonstrates the permissions in the case of a Developer global role and a Lead Developer project role:
The Developer global role is granted the Read and Write actions in the DEV and PROD environments. This role is seen in the Global Roles tab.
The Lead Developer project role is granted the Read, Write, and Delete actions in the DEV environment. This role is seen in the Project Roles tab.
The user or group assigned to the Developer role will be able to Read and Write artifacts in DEV and PROD environments. Adding the Lead Developer to the same user or group will also provide them with the ability to delete artifacts in the DEV environment only.