The system manages users in its database, and allows you to control the privileges of users (through the groups you assign them to). You assign privileges to groups, then make each user a member of appropriate groups.
This is a role-based system: each group represents a role a user can have in your organization, and roles have privileges. A user's privileges are the sum of the groups the user belongs to. You cannot assign privileges to individual users directly, only to groups.
The system also uses access groups for notification. When you ask the system to send notification messages, the target of the messages must be an access group. See Setting Up Notification for more information.
Security privileges, or permissions, define what a group can do and/or see. They can serve as a filter on the group's experience of the system. For example, a user who is a member of the Guest group (and no other groups) sees only Projects which have the Guest group assigned as their Access property. That user can only launch projects with Guest access. If the user was also a member of the Developer group, he would see all the projects whose Access properties were either Guest or Developer.
The activities and resources that you can control with access groups are Permissions, Servers, Projects, Steps, and Access Groups.
To extend access to a resource (Server, Project, or Step) to a particular group, select that resource and change its Access field to that group's name. For example, to give the Developer group access to a particular server named Win234, set the server's Access property to Developer. NOTE: A user who is not a member of a server or project's Access Group does not see that object listed on the Server or Project list pages. A user who is not a member of a step's Access Group can see the step in the list for the project, but cannot edit it or run it; if the user runs the project that contains the step, the system skips the steps the user does not have access to.
To allow members of one access group to edit another access group, set one group as the Control Group of the other. For example, to allow Group A members to add members to Group B, make Group A the Control Group for Group B.
To extend a global privilege to a group, use the
page to enable a particular permission for that group.This flexible model allows you to securely give one privilege (such as the ability to run builds) to some types of users, while restricting others (such as the right to edit projects or use certain servers).