DEV Community

Cover image for Unified Permissions Model
Disha Meswania for JFrog

Posted on

Unified Permissions Model

In today’s DevOps world, developers like you are compelled to work with several bits and pieces of different software to put CI/CD processes together. What if I told you an end-to-end DevOps set of solutions -- The JFrog Platform -- enables you to have all these components together in a single unified software experience.

To create this, we at JFrog have unified our installers, the file-structures, the administration functions, the metadata from different parts as well as the UI and permissions.

I would like to focus here on the unification of permissions. Specifically, why we did it and how this actuates the permissions model for our end-to-end platform.

WHY UNIFY PERMISSIONS

An inevitable part of administering the DevOps workflow is to have a mechanism for managing user permissions to different resources in an efficient manner. With different resources, i.e. parts of different DevOps tools, working independently, administrators need to ensure this mechanism is in place for CRUD (Create, Read, Update and Delete) permissions for each resource. Unifying user permissions is an important benefit to administrators for ease of use.

HOW THIS ENABLES THE PLATFORM

We identified each resource that can be qualified for a different level of access and enabled them to have role-based permissions for these resources in a single module. Here’s how;

  • Identifying the resources: All you need to do is add relevant resources such as Repositories and Builds (from Artifactory), Release bundles (from Distribution), Destinations (Edge nodes) and Pipeline Sources (From JFrog Pipelines) to a single Permission target.

Alt Text

  • Selecting Users/Groups and defining CRUD permissions for each role: When selecting several users or groups, you can simply select an entity to allocate necessary permissions to them as shown below:

Alt Text

These permissions define various action items that are available for the resources selected.
Briefly, they are CRUD permissions + Xray Metadata permissions for Artifactory resources such as Repositories, Builds and Release bundles. Additionally, Distribute and Trigger permissions are specifically for Distribution and JFrog Pipelines.

The permissions as mentioned above can be assigned to users/groups that can be linked to any identity provider that is synchronized with Artifactory with simple integrations such as LDAP/SAML.

The process of managing the whole permissions model thus becomes simpler and complete for the admins. Enjoy the unification and try out the whole new platform yourself!

Discussion (0)