Deployment Permissions

Deployment permissions determine the access level that users have on deployments and also the access level that users have on all engines managed by the deployment.

Note: For a description of permissions for legacy Kubernetes deployments, see Legacy Deployment Permissions.

Engines inherit the permissions assigned to the deployment. For example, if you grant a user Execute permission on a deployment, that user also has Execute permission on all engines managed by that deployment.

Engines automatically inherit all permission changes on the parent deployment. You do not need to restart engines for the changed deployment permissions to take effect.

When you share a deployment, you can grant users and groups the following access levels to the deployment and to all engines managed by the deployment:

Read - View the details of the deployment and of all engines managed by the deployment. Restart or shut down individual engines managed by the deployment in the Engines view.
Write - Edit, start, stop, and delete the deployment. Delete engines managed by the deployment. Also requires read access on the parent environment.
Execute - Start jobs on engines managed by the deployment. Starting jobs also requires execute access on the job and read access on the pipeline.