Use the Execute Inaccessible Server Auths permission to allow a user to
execute a step on a server with a server auth to which they do not have access.
As a prerequisite, the user must already have or be granted access to the
server (Servers > Access).
The server auth is simply a login used to access a server. Server auths
are associated with an access group (Servers > Server Auth > Access ).
You might create the following server auths for a server:
- a dev/dev server auth and associate it with the Developer access group
for the server
- a qa/qa server auth and associate it with the QA access group for the
server (the QA access group is user-created and in this example has the same
default permissions as the Developer access group)
- a prod/prod server auth and associate it with the Build access group for
the server
In the example, to allow a user who has access only to the qa/qa server
auth to be able to run a step as the prod/prod server auth, add the Execute
Inaccessible Server Auths permission to the QA access group.
Note: If the user has access to the server but does not have
access to the server auth through the Execute Inaccessible Server Auths permission,
the step will still run but only if the environment variable _USE_BFCREDS
is set. For details, see
Overriding Server Authentication.