A permission allows a user to perform specific operations in a Cloud Platform organization or application. Permissions are grouped into roles. Roles are then assigned to team members. All the team members who have the same roles have the same permissions.
Acquia defines over 40 separate, grouped permissions, listed in the following Permissions list table. You can also view all the available permissions by opening the Roles page for an organization and viewing a role, as described in Working with roles and permissions.
Many permissions distinguish between production and non-production environments. You can allow team members to only work on non-production environments, or grant access to both production and non-production environments. For example, the Senior developer role includes the permissions to pull and deploy code in production and non-production environments, while the Developer role only grants these permissions for non-production environments.
Permissions in Cloud Platform don’t control actions users take on your Drupal website, such as:
- Creating content
- Enabling and configuring Drupal modules
- Adding or removing Drupal users
Use the Drupal permissions administration to control access to Drupal functions.
Notes for Site Factory subscribers
Site Factory subscribers must use the Site Factory domains functionality to add more domains to their subscriptions. Domains added using the Cloud Platform user interface won’t work, and automated processes may delete them.
The following types of permissions are available to Cloud Platform users:
Acquia Code Studio permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|
| Administer Code Studio for an application | ✓ | ✓ |
Acquia Search permissions¶
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|
Acquia Search with Solr 7 With this permission, you can create, update, and delete indexes and configuration sets within an application. | ✓ | ✓ |
Administration permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|
Access the Cloud Platform API
This permission is not applicable to Cloud Platform API v2. | ✓ | ✓ |
Access to legacy product keys
This permission gives you access to legacy product keys. | ✓ | ✓ |
| Add application tags | ✓ | ✓ |
Add or remove a user of a team
This permission enables users to assign themselves any user’s role, including the Team Lead role. | ✓ | ✓ |
| Delete application tags |
Cron permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|
| Modify cron tasks for non-production environments | ✓ | ✓ |
| Modify cron tasks for the production environment | ✓ | ✓ |
Database permissions
Domain permissions
Logs permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|
| Administer log forwarding for non-production environments | ✓ | 𐄂 |
| Administer log forwarding for the production environment | ✓ | 𐄂 |
| Download logs for non-production environments | ✓ | ✓ |
| Download logs for the production environment | ✓ | ✓ |
Edge CDN permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|
| Administer Edge CDN | ✓ | ✓ |
Pipelines permissions
SSH key permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|
| Add SSH key to Git repository | ✓ | ✓ |
| Add SSH key to non-production environments | ✓ | ✓ |
| Add SSH key to the production environment | ✓ | ✓ |
Infrastructure administration permissions¶
Support permissions
Workflow permissions
Cloud Platform API endpoints for permissions
The Cloud Platform API provides endpoints for permission management, including:
Deprecated permissions
Acquia deprecates permissions when the associated feature or API endpoint is deprecated or scheduled to be deprecated.
About Cloud Platform permissions
A permission allows a user to perform specific operations in a Cloud Platform organization or application. Permissions are grouped into roles. Roles are then assigned to team members. All the team members who have the same roles have the same permissions.
Acquia defines over 40 separate, grouped permissions, listed in the following Permissions list table. You can also view all the available permissions by opening the Roles page for an organization and viewing a role, as described in Working with roles and permissions.
Many permissions distinguish between production and non-production environments. You can allow team members to only work on non-production environments, or grant access to both production and non-production environments. For example, the Senior developer role includes the permissions to pull and deploy code in production and non-production environments, while the Developer role only grants these permissions for non-production environments.
Permissions in Cloud Platform don’t control actions users take on your Drupal website, such as:
- Creating content
- Enabling and configuring Drupal modules
- Adding or removing Drupal users
Use the Drupal permissions administration to control access to Drupal functions.
Notes for Site Factory subscribers
Site Factory subscribers must use the Site Factory domains functionality to add more domains to their subscriptions. Domains added using the Cloud Platform user interface won’t work, and automated processes may delete them.
The following types of permissions are available to Cloud Platform users:
Acquia Code Studio permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|
| Administer Code Studio for an application | ✓ | ✓ |
Acquia Search permissions¶
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|
Acquia Search with Solr 7 With this permission, you can create, update, and delete indexes and configuration sets within an application. | ✓ | ✓ |
Administration permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|
Access the Cloud Platform API
This permission is not applicable to Cloud Platform API v2. | ✓ | ✓ |
Access to legacy product keys
This permission gives you access to legacy product keys. | ✓ | ✓ |
| Add application tags | ✓ | ✓ |
Add or remove a user of a team
This permission enables users to assign themselves any user’s role, including the Team Lead role. | ✓ | ✓ |
| Delete application tags |
Cron permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|
| Modify cron tasks for non-production environments | ✓ | ✓ |
| Modify cron tasks for the production environment | ✓ | ✓ |
Database permissions
Domain permissions
Logs permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|
| Administer log forwarding for non-production environments | ✓ | 𐄂 |
| Administer log forwarding for the production environment | ✓ | 𐄂 |
| Download logs for non-production environments | ✓ | ✓ |
| Download logs for the production environment | ✓ | ✓ |
Edge CDN permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|
| Administer Edge CDN | ✓ | ✓ |
Pipelines permissions
SSH key permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|
| Add SSH key to Git repository | ✓ | ✓ |
| Add SSH key to non-production environments | ✓ | ✓ |
| Add SSH key to the production environment | ✓ | ✓ |
Infrastructure administration permissions¶
Support permissions
Workflow permissions
Cloud Platform API endpoints for permissions
The Cloud Platform API provides endpoints for permission management, including:
Deprecated permissions
Acquia deprecates permissions when the associated feature or API endpoint is deprecated or scheduled to be deprecated.
Cloud Platform