Skip to Content

Harmony Permissions and Access

Introduction

Access to different areas within Harmony is based on a combination of user role permissions and environment access levels. This page provides definitions of Harmony terms related to permissions and access.

Harmony Administrative Terminology

Organization administrators should be familiar with these Harmony terms for organizations and environments:

  • Organizations
    • Organization: A unique Harmony organization in which administrators have full control over membership and security.
    • Member: A Harmony user who has been invited to an organization by an administrator.
    • Administrator: A member who is assigned to a role with Admin permission, allowing access to all features and functions available in the Management Console.
    • Role: A group of members that is assigned one or more permissions. Initially, when a Harmony organization is created, an Administrator role (with Admin permission) and a User role (with Read permission) are created by default. Administrators can create additional roles and add members to multiple roles.
    • Permissions: Permissions are assigned to a user role and limit a member's access to defined areas of an organization.
  • Environments
    • Environment: An environment is set up within an organization and is used to segregate different states of an integration project and its assets. For example, an organization might have three environments: Development, Test, and Production.
    • Access Levels: Access levels are assigned to a role that has been granted access to an environment. They are used in combination with role permissions to further the ability of administrators to control what members of a specific role can do in a specific environment. Access levels include View Logs, Read, Execute, and Write (defined under Access Levels in Environments).

The areas that a Harmony member can access depend on the combination of their role permissions and environment access levels. Permissions and access levels are set independently and are different from each other. For example:

  • A member of a role with Read permission may still be able to make edits in an environment if Write access is granted to the role at the environment level.
  • A member of a role with Admin permission but with only Read access at the environment level is not able to deploy, execute, or edit projects in that environment.
  • A member of a role with Admin permission but with no environment access is not able to access the environment at all.
  • A member of a role with Read permission and with Read access in Environment A and Write access in Environment B is able to migrate a project from Environment A to Environment B.

In order to access an environment, roles (even roles with Admin permission) must be granted access to an environment for most apps. This includes being able to access areas of Harmony applications that require an environment to be selected and being able to install Private Agents in an environment.