User Role Management
Available from Travis CI Enterprise 3.1.0
Travis CI introduces the new User Role Management feature to increase security and functionality. This feature offers more granular access control management, adding more strict access rights management while continuing to protect vital information that may be present in the CI/CD build job logs.
This feature allows Travis CI administrators to execute permission limits on user privileges to the minimum functionality necessary to work (on an as-needed basis) to protect particular build job logs.
Enabling User Role Management #
From the Travis CI Enterprise admin console, open the Config menu, expand the Advanced Settings menu on the left and click on the Users Roles Management.
To enable the setting, select the Enabled option and save the settings.
Travis CI Roles #
New Travis CI Users are created via the “sign-in with…” functionality, linking a third-party application (GitHub, Assembla, BitBucket, or GitLab) to Travis CI. See Getting Started for more information.
In Travis CI, user access to Travis CI repositories and accounts functionalities and the following are the different types of user roles:
- Admin:
- Repository: manages repository settings, triggers builds, and can utilize various functions around builds.
- Account: able to activate repositories in Travis CI and billing.
- Push (Write) User:
- Repository: triggers builds and can utilize various functions around builds.
- Account: able to request repository activation in Travis CI.
- Pull (Read) User:
- Repository: cannot trigger builds and has limited functionality around builds
- Account: able to request repository activation in Travis CI
- Owner: an owner is an admin user for the owned Repository and accounts. An owner can be a user or an organization.
This feature authorizes admin users to handle regular users to their liking. Regular users must still log in using a version control system (VCS). Therefore, the User Management functionality allows admin users to identify regular user roles for those with access to Travis CI.
Member Management Tab #
The Member Management tab presents a list of users with their respective roles.
Travis CI admin users are presented with a list of users and have access to change or assign the roles of regular users. Admin users can use the “Sync org” or “Sync users” to update the list of users.
The following are the available fields where each user can be associated with several roles.
- Name: displays the user’s name.
- Login: displays the login email for the user.
- Old Role: displays the previous authorization permissions for the selected user.
- New Role: Shows the role or number of roles assigned to the selected user. Allows admin users to choose or change the role or roles for the selected user.
- All: Enables all four options.
- Admin: Has all account and repository permissions.
- Account Settings Editor: Access to create and edit account settings.
- Account Settings Admin: Unlimited access to manage the account and can manage account plans, billings, and contacts.
- Account Plan Viewer: Can invoice, use, and view the account plans.
- Can Build: Check the checkbox to authorize the selected user to build.
User Management Tab #
The User Management tab lists the users with access to the repository, and Travis CI admin users can assign repository connection roles.
The following are the available fields where each user can be associated with several roles.
- Name: displays the user’s name.
- Login: displays the login email for the user.
- New Role: Shows the role or number of roles assigned to the selected user. Allows admin users to choose or change the role or roles for the selected user.
The available roles and their current permissions are shown in the table below:
| Role | Permissions (Technical) | Permission Description |
|---|---|---|
| Repository.Settings.Editor | repository.settings.create, repository.settings.update, repository.settings.delete | Can fully manage the repository settings |
| Repository.Settings.Viewer | repository.settings.read | Can read the repository settings |
| Repository.Builds.Restarter | repository.build.restart | Can restart the repository builds |
| Repository.Builds.Triggerer | repository.build.create, repository.build.cancel | Can create and cancel the repository builds |
| Repository.Builds.Cancel | repository.build.cancel | Can cancel the repository builds |
| Repository.Logs.Viewer | repository.log.view | Can view the repository logs |
| Repository.Logs.Admin | repository.log.delete, repository.log.view | Can delete and view the repository logs |
| Repository.Builds.Debugger | repository.build.debug | Can debug the repository builds |
| Repository.Cache.Editor | repository.cache.delete, repository.cache.view | Can delete and view the repository caches |
| Repository.Cache.Viewer | repository.cache.view | Can view the repository caches |
| Repository.Collaborator | repository.build.create, repository.build.cancel, repository.build.restart, repository.log.delete, repository.log.view, repository.build.debug, repository.cache.view | Can fully manage builds and logs. Can view the repository caches |
| Repository.Admin | repository.settings.create, repository.settings.update, repository.settings.delete, repository.build.create, repository.build.cancel, repository.build.restart, repository.log.delete, repository.log.view repository.build.debug, repository.cache.delete, repository.cache.view, repository.cache.view | Has unlimited access to manage the repository. He can fully manage repositories and builds, logs, and caches. |
| Repository.Reader | repository.log.view, repository.cache.view | Can view the repository logs and caches |
| Account.Settings.Editor | accounts.settings.edit, account.settings.create | Can create and edit accounts settings |
| Account.Settings.Admin | account.settings.delete, accounts.settings.edit, account.settings.create, account.plan.create, account.plan.invoices, account.plan.usage, account.billing.view, account.contact.view, account.billing.update, account.contact.update | Has unlimited access to manage the account. Can fully manage account plans, billings, and contacts |
| Account.Plan.Viewer | account.plan.invoices, account.plan.usage, account.plan.view | Can create invoices, usage, and view the account plans |
| Account.Plan.Editor | account.plan.create, account.plan.invoices, account.plan.usage | Can fully manage the account plans |
| Account.Billing.Editor | account.billing.view, account.contact.view, account.billing.update, account.contact.update | Can view and update the account billings and contacts |
| Account.Billing.Viewer | account.billing.view, account.contact.view | Can view the account billings and contacts |
| Account.Admin | all perms (including Repository object permissions) | Has all the account and the repository permissions |
Travis Admin and extended VCS synchronization logic #
All Travis CI Admin users can access the additional Repository and Account (personal or organizational) settings screen, where they can configure the new roles and permissions assigned to a single user, either at the Account or the Repository level.
The new permission system implemented in Travis CI updates the modified roles and permissions after every synchronization with the version control system (VCS). The goal of the new permission system is to upgrade any modifications made by Admin users with access to these settings to single users’ roles and permissions.
The process for the new permission system is as follows:
- Synchronization with a version control system. Occurs daily or on-demand.
- The new systems’ mapping assigns a correct Travis CI role according to the existing role from the VSC provider.
- The new roles and permission system records new roles and permission updates in the database and checks for any modification to user settings.
- The new roles and permission system assigns each existing system user the default set of settings (roles and permissions) obtained from the VSC access rights during the VCS synchronization.
- The new roles and permissions service creates or updates the new roles and permissions.
Note: If errors occur, unprocessed requests are queued to retry sync with VCS, and error logs are registered.
Note: Suspending or unsuspending a user’s repository access removes the user’s build-triggering access and assigns the respective Repository Reader role.
Note: Suspending or unsuspending a user’s account access removes the user from all Admin and editing roles and allows the user to be only a Plan Viewer and Billing Viewer.
When existing Travis CI users log in, the user’s current membership and permissions are checked against the new permissions service to check for any role or permission modifications.
The following table displays the action executed for each specific modification of settings for user accounts and repositories.
| Permission Modifications | Action executed |
|---|---|
| User permissions creation | The new permission service creates the user and adds the new permissions. |
| User permissions were not modified | The new permission service does not modify permissions. |
| User permissions are extended | The new permission service updates the permissions to match permissions received from version control system synchronization. |
| User permissions are restricted | The new permissions service |
| User access is removed from Repository | All TCI roles and permissions for user repository access are removed. If the removed user has a personal account and invites collaborators to his personal repositories, Travis CI directly maps the collaborators’ access rights to the owners’ Travis CI Repository. |
| User access is removed from Account | All TCI Roles and permissions, in the context of the users’ Travis CI account, are removed. |
Roles and Permissions #
The following tables display the new roles and permissions for repositories and accounts.
Roles #
| Previous Repository Roles | New Roles | Permissions |
|---|---|---|
| admin user | Repository.Settings.Editor | repository.settings.create, repository.settings.update, repository.settings.delete, repository.settings.read |
| admin user | Repository.Settings.Viewer | repository.settings.read |
| admin user, push user | Repository.Builds.Restarter | repository.build.restart |
| admin user, push user | Repository.Builds.Triggerer | repository.build.create, repository.build.cancel |
| admin user, push user | Repository.Builds.Cancel | repository.build.cancel |
| admin user, push user, pull user, anonymous (for public repos) | Repository.Logs.Viewer | repository.log.view |
| admin user | Repository.Logs.Admin | repository.log.delete, repository.log.view |
| admin user, push user | Repository.Builds.Debugger | repository.build.debug |
| admin user | Repository.Cache.Editor | repository.cache.delete, repository.cache.view |
| admin user, push user, pull user | Repository.Cache.Viewer | repository.cache.view |
| push user | Repository.Collaborator | repository.build.create, repository.build.cancel, repository.build.restart, repository.log.delete, repository.log.view, repository.build.debug, repository.cache.view |
| admin user | Repository.Admin | repository.settings.create, repository.settings.update, repository.settings.delete, repository.build.create, repository.build.cancel, repository.build.restart, repository.log.delete, repository.log.view, repository.build.debug, repository.cache.delete, repository.cache.view, repository.cache.view, repository.scan.view |
| pull user | Repository.Reader | repository.log.view, repository.cache.view, repository.build.restart |
| pull user | Repository.State.Editor | repository.state.update |
Accounts #
| Previous Account Roles | New Roles | Permissions |
|---|---|---|
| admin | Account.Settings.Editor | account.settings.edit, account.settings.create |
| admin | Account.Settings.Admin | account.settings.delete, accounts.settings.edit, account.settings.create, account.plan.create, account.plan.invoices, account.plan.usage, account.billing.view, account.billing.update, account.contact.view, account.contact.update |
| admin,push user | Account.Plan.Viewer | account.plan.invoices, account.plan.usage, account.plan.view |
| admin | Account.Plan.Editor | account.plan.create, account.plan.invoices, account.plan.usage |
| admin | Account.Billing.Editor | account.billing.view, account.contact.view, account.billing.update, account.contact.update |
| admin, push user | Account.Billing.Viewer | account.billing.view, account.contact.view |
| admin | Account.Admin | all permissions (including both Account and Repository object permissions) |
The following tables show the Travis CI roles and permissions corresponding to those taken from each version control system.
GitHub #
The following table displays GitHub repository roles.
| GitHub Role | Travis CI Role |
|---|---|
| Admin | admin user |
| Read | pull user |
| Triage | pull user |
| Write | push user |
| Maintain | push user |
The following table displays GitHub organization roles.
| GitHub Role | Travis CI Role |
|---|---|
| Owner | admin user |
| Member | push user |
| Moderator | push user |
| Billing Manager | |
| Security Manager | push user |
Assembla #
| Assembla Role | Travis CI Role |
|---|---|
| Owner | admin user |
| Member | push user |
| Watcher | read user |
GitLab #
| GitLab Role | Travis CI Role |
|---|---|
| Owner | admin user |
| Maintainer | admin user |
| Developer | push user |
| Reporter | pull user |
| Guest | pull user |
Bitbucket #
| Bitbucket Role | Travis CI Role |
|---|---|
| Admin | admin user |
| Read | pull user |
| Write | push user |