Execution Environment Permissions

Administrators can configure execution environment permissions to control which Publishers can access specific execution environments in Connect. By default, an execution environment has no configured permissions, and is accessible by all Publishers.

Overview

When an execution environment has no configured permissions, all Publishers can use it to build or deploy their content.

Connect enforces access to execution environments with configured permissions as follows:

  • Administrators:
    • Always have full access to all execution environments.
    • Do not need to be included on any environment’s permissions list.
    • Can view, use, and manage all environments regardless of permissions.
  • Publishers:
    • Must be granted access directly or through a group.
    • Can only view and use environments they have access to.
  • Viewers:
    • Viewers are restricted by content permissions and cannot view or select execution environments for any content.

Configuration

Administrators can use the Connect API or the Connect UI’s Environments tab to grant or revoke access to execution environments for users and groups.

To configure execution environment permissions in the Connect UI:

  1. Navigate to the System > Environments tab.

  2. Expand an environment’s details by clicking on it. The Access Control section displays the current permissions for an environment.

    A screenshot of the Environments tab in the Connect UI with a red box around the Access Control section of an environment's details.

  3. Click the edit button next to an environment title to open an Edit Environment window, where you can view and edit the current permissions in the Access Control section.

  4. Search for users or groups to add them to the Access Control list.

    A screenshot of the Edit Environment window with a red box around the Access Control search bar.

  5. Click Update to save your changes.

Permission enforcement

Connect enforces execution environment permissions at a few different points in content lifecycle.

Note that Connect does not enforce changes to execution environment permissions for running content. To ensure that permissions changes take effect, you must stop and restart any running content configured to use the execution environment. Administrators can use a script in the cookbook to automate stopping all running content for a specific execution environment.

When creating or updating content

Content owners and collaborators must have access to an execution environment to configure content to use it. This includes actions such as:

When building or deploying content

  • The content owner must have access to the execution environment.
  • If the content owner doesn’t have access to the execution environment, the content will fail to build or deploy, even if a collaborator with access initiates it.
  • Collaborators do not need access to the execution environment.