Team Roles Configuration Reference
Configuration Properties
The list of configuration properties for each Team Role specified in a System Type is resumed below:
- assigneeRbacRole: The RBAC role that will be granted to users assigned to the Team Role as full assignee
- limitedAssigneeRbacRole: (Optional) RBAC role that will be granted to users to the Team Role as limited assignee. If omitted, a Team Role cannot specify limited assignees.
As of now, assignees, either full or limited, cannot be groups.
Bare minimum permissions needed for each Team Role
The table below resumes, for each Team Role, the Practice Shaper relation (or configuration keyword), the required RBAC permission of the linked RBAC role for assignees and finally the required RBAC permission of the linked RBAC role for limited assignees.
| Team Role | Practice Shaper Relation | Full Assignee RBAC Permission | Limited Assignee RBAC Permission | Bare minimum set of permissions |
|---|---|---|---|---|
| Owner | isOwnedBy | control-plane.project.team-roles.manage | control-plane.project.team-roles.limited-manage | catalog.entity.read catalog.location.readcontrol-plane.project.team-roles.manage OR control-plane.project.team-roles.limited-manage |
| Data Access Manager | dataAccessGrantedBy | control-plane.project.manage-access | control-plane.project.limited-manage-access | catalog.entity.readcatalog.location.readcontrol-plane.project.manage-access OR control-plane.project.limited-manage-access |