Predefined roles

The PactFlow application comes with the following predefined roles. Each role is assigned a collection of permissions.

Administrator

The user who signed up for the PactFlow tenant will be assigned the Administrator role. They are then able to assign the Administrator role to other users.

Default permissions

• authentication_settings:manage:*
• contract_data:bulk_delete:*
• contract_data:manage:*
• deployment_and_release:record:*
• environment:manage:*
• role:manage:*
• secret:manage:*
• system_account:manage:*
• system_preference:manage:*
• team:manage:*
• token:manage:own
• user:invite
• user:manage:*
• webhook:manage:*

User

All new users are assigned the User role (unless the default role has been updated in the system preferences). The User role is intended to work in conjunction with team assignments, and therefore has manage:team permissions (rather than manage:* permissions) for all resources that can be associated with a team. The User role should be assigned to all developers, testers and other users who create and verify contracts in the PactFlow platform.

Default permissions

• contract_data:bulk_delete:own
• contract_data:bulk_delete:team
• contract_data:manage:own
• contract_data:manage:team
• contract_data:read:*
• environment:read:team*
• role:read:*
• secret:manage:team
• system_account:manage:team
• system_account:read:*
• team:read:*
• token:manage:own
• user:read:*
• webhook:manage:team

CI/CD

This is the default role associated with a system account.

Default permissions

• contract_data:manage:own
• contract_data:manage:team
• contract_data:read:*
• deployment_and_release:record:*
• environment:read:*

Team Administrator

This role is automatically assigned to any user who is set as an administrator of a specific team. This role may not be edited or deleted, and cannot be assigned directly via the user roles APIs or UIs.

Default permissions

• team:manage:{uuid}

Viewer

Default permissions

• contract_data:read:*
• read_token:manage:own
• team:read:*
• user:read:*

Guest

A user with the guest role can only view contract related data through the UI, and has no API access.

The permissions associated with the guest role may not be modified.

Permissions

• contract_data:read:*

SwaggerHub

A user with the SwaggerHub role can be used to provide an API Token for the SwaggerHub integration, allowing SwaggerHub to verify published pacts against live Swagger docs.

The permissions associated with the SwaggerHub role may not be modified.

Permissions

• environment:read:*
• contract_data:read:*

Test Maintainer (deprecated)

The Test Maintainer role has been replaced by the User role. The difference between the User and Test Maintainer roles is that the User role has team scoped permissions for Webhook and Secret management.

Default permissions

• contract_data:bulk_delete:own
• contract_data:manage:own
• contract_data:manage:team
• contract_data:read:*
• role:read:*
• secret:manage:*
• system_account:read:*
• team:read:*
• token:manage:own
• user:read:*
• webhook:manage:*

Resetting permissions for predefined roles

Should you wish to reset the permissions assigned to each of the predefined roles back to their defaults as documented above (or upgrade from the globally scoped User role to the team scoped User role) you can follow these steps. Note that any custom roles will remain unaffected, and the user/role assignments are not changed.

• Click on the API button at the top right of the PactFlow dashboard.
• In the Links section, scroll down to the line where rel column has a value of pf:admin-roles.
• Click on the green arrow in the GET column that has the hover text "Follow link".
• Scroll up to the top of the page.
• In the Links section, if you can see the line with a rel of pf:reset, then you have the permissions required to reset the roles. If you cannot see this relation, then you do not have the required permissions.
• Click on the yellow ! button in the NON-GET column.
• Click on the blue Make Request button. You will see a 200 OK response with the updated list of roles.