











Set Up the Permissions in a Team

  • Using teams, you can manage the permissions of several IT users working in the same business team, over all the applications they own, without having to grant permissions on each application individually.

    In this example we want to:

    • Allow developers in Team Banking and Team Intranet to see and work only on the applications of their respective teams.

    • Allow a senior developer of Team Banking to both debug and add dependencies to the core applications Customers and Services, but without granting permissions to make changes to those applications. These applications are managed by another team, the Team Core Applications.

    To follow the principle of security by default, we will give the IT users a default role that grants them as few base permissions over applications as possible, and we will define all permissions necessary to perform their work through a team.

    To allow the developers to work with their team’s applications, do the following:

    1. Create a new role that has the permission level Access.

    2. Create IT users for all developers with this new role set as the default role. This defines base permissions that only allow all developers to log in to an environment without granting access to any application.

    3. Create another role that explicitly grants the higher permissions necessary to work on the applications of those teams, such as Change and Deploy Applications.

    4. If the team doesn’t exist yet, create a new team and add all the applications that are managed by the team.

    5. Add the developers to their respective teams with the role that grants them higher permissions.

    You will get something like this:

    Checking the permissions of the users, you can see that they have Change and Deploy permission over the applications of their team, but no access over any other application in the environment.

    Now, let’s configure a senior developer in the Team Banking to debug and add dependencies to the applications of Team Core Applications:

    1. Create a new role called Senior Developer that has the permission level Open and Debug Applications. To add dependencies to the applications, the permission level Monitor and Add Dependencies would be enough, but as the senior developer also needs to debug the applications, we must grant the above permission level, which also allows users to open and debug modules in applications.

    2. If the Core Applications team doesn’t exist yet, create the team and add the applications Customers and Services to that team.

    3. Add the senior developer to this team with the role Senior Developer.

    The senior developer of Team Banking can now debug and add dependencies to the core applications Customers and Services from other applications, but has no permissions to make changes to the Customers and Services applications.
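
    The result of both procedures can be written down as a small model and checked against the intended policy. This is an added Python example, not OutSystems code or part of the original page. It assumes that a user's effective level on an application is the highest of the default role and any team role covering that application; the user names and the applications Accounts, Loans and Directory are constructed.

```python
from enum import IntEnum

class Level(IntEnum):
    # Only the permission levels named on this page, lowest to highest.
    ACCESS = 1                        # log in only, no application access
    MONITOR_AND_ADD_DEPENDENCIES = 2
    OPEN_AND_DEBUG = 3
    CHANGE_AND_DEPLOY = 4

CD, DBG = Level.CHANGE_AND_DEPLOY, Level.OPEN_AND_DEBUG

# Constructed sample data: only Customers and Services come from the page.
TEAM_APPS = {
    "Banking": {"Accounts", "Loans"},
    "Intranet": {"Directory"},
    "Core Applications": {"Customers", "Services"},
}
DEFAULT_ROLE = {"alice": Level.ACCESS, "bob": Level.ACCESS, "carol": Level.ACCESS}
# (user, team) -> level of the role the user holds in that team
MEMBERSHIPS = {
    ("alice", "Banking"): CD,
    ("bob", "Intranet"): CD,
    ("carol", "Banking"): CD,
    ("carol", "Core Applications"): DBG,   # the Senior Developer role
}
# Intended ceiling per (user, app); anything not listed is capped at ACCESS.
INTENDED = {
    ("alice", "Accounts"): CD, ("alice", "Loans"): CD,
    ("bob", "Directory"): CD,
    ("carol", "Accounts"): CD, ("carol", "Loans"): CD,
    ("carol", "Customers"): DBG, ("carol", "Services"): DBG,
}

def effective(user, app):
    """Assumed rule: highest of the default role and any team role covering app."""
    levels = [DEFAULT_ROLE[user]]
    levels += [lvl for (u, team), lvl in MEMBERSHIPS.items()
               if u == user and app in TEAM_APPS[team]]
    return max(levels)

def violations(intended):
    """List (user, app, level) wherever effective access exceeds the intended cap."""
    found = []
    for user in sorted(DEFAULT_ROLE):
        for app in sorted(set().union(*TEAM_APPS.values())):
            cap = intended.get((user, app), Level.ACCESS)
            if effective(user, app) > cap:
                found.append((user, app, effective(user, app)))
    return found
```

    Raising a user's default role above Access makes `violations` report every application outside that user's teams, which is the drift the default-role step is meant to prevent.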
