Skip to main content

Role Management

With Appcircle's Advanced Role Management structure, you can assign specific roles to organization members for each module, allowing you to manage and restrict their permissions effectively. Appcircle provides various role types for each module, with a brief description of each role provided in the table below. For more detailed information on role management for each module, please refer to the respective module titles.

  • Owner: The user is authorized for unlimited access to all modules.
  • Manager: The user becomes the administrator of the relevant module with no restrictions.
  • Operator: The user manages the operations of the relevant module, with certain restrictions in place.
  • Ext. Operator: The user has very limited authorization in the relevant module, typically intended for third-party employees from outside the company.
  • Viewer: The user only has view authorization in the relevant module and cannot take any action.
Role Types

Some role types are not used in certain modules because they are redundant or unnecessary, as they serve the same function as another role. Therefore, roles may vary for each module.

Build Permissions

The following table details the roles and restrictions for the Build module. Please refer to the related module information and caution notes.

Build Sub-modulesScopesOwnerManagerOperatorViewer
Build ProfileAdd/Delete/Update Build Profiles
Build ProfileList Build Profiles
Build ProfileBuild List
RepositoryConnect/Disconnect Repository
ConfigurationAdd/Delete/Update Build Configuration
ConfigurationView Build Configuration
WorkflowAdd/Delete/Update Workflows
WorkflowView Workflows
TriggersAdd/Delete/Update Triggers
TriggersView Triggers
Build ActionsStart Build
Build ActionsDelete Commit Artifacts
Build ActionsDownload Artifacts
Build ActionsDistribution Binary
Test ResultsList Test Results
ConnectionAdd/Delete/Update Connections (User Based)
ConnectionList Connection (User Based)
RunnerAdd/Delete/Update Runner(Root Only)
RunnerList Runner(Root Only)
Runner Access TokenCreate/Delete Runner Access Token
Runner Access TokenList Runner Access Token
ReportList Build Reports
Distribution Binary and Runner Details
  • Manager or Operator Build Profile permission can distribute binary if user has Manager or Operator distribution permission.
  • Manager or Operator Build Profile permission can publish if user has Manager or Operator Publish Android/iOS permission.
  • Manager, Operator and Viewer Build Profile permissions can view self-hosted runners but cannot modify the configuration.

Environment Variables Permissions

The following table details the roles and restrictions for the Environment Variables. Please refer to the related module information and caution notes.

Environment VariableScopesOwnerManagerViewer
Environment VariableAdd/Delete/Update Environment Variable Groups
Environment VariableAdd/Delete/Update Environment Variable
Environment VariableList Environment Variable
Environment VariableList Environment Variable Groups
info

Manager, Operator and Viewer Environment Variable permissions can use variable groups in Build profile configuration.

Signing and Identity Permissions

The following table details the roles and restrictions for the Signing and Identity module. Please refer to the related module information and caution notes.

Signing Identity Sub-modulesScopesOwnerManagerViewer
Apple CerficateAdd/Delete/Download Apple Certificates
Apple CerficateList Apple Certificates
Apple Cerficate Signing RequestAdd/Delete/Download CSR
Apple Cerficate Signing RequestConvert CSR to .p12
Apple Cerficate Signing RequestList CSR
Apple IdentifiersAdd/Delete/Update Apple Identifiers
Apple IdentifiersList Apple Identifiers
Apple ProfileAdd/Delete/Update Apple Profiles
Apple ProfileList Apple Profiles
KeystoreAdd/Delete/Update Keystores
KeystoreList Keystores
ReportList Signing Reports
Signing and Identities

Manager and Viewer Signing Identity permissions can use signing identities in Build profile configuration.

Signing Identity Permission
    • Manager Signing Identity permission can delete Apple Certificates and Apple Profiles if user has Manager Build permission.

Testing Distribution Permissions

The following table details the roles and restrictions for the Testing Distribution module. Please refer to the related module information and caution notes.

Testing DistributionScopesOwnerManagerOperatorExt. OperatorViewer
Distribution ProfileAdd/Delete/Update Distribution Profile
Distribution ProfileSetting Update Distribution Profile
Distribution ProfileList Distribution Profiles
App VersionAdd/Delete/Update App Version
App Version ActionsSend to Testers
App Version ActionsSend to Enterprise App Store
App Version ActionsSend to Publish
SettingsSelect Authentication Type
SettingsView Authentication Settings
Apple DeviceAdd/Delete Apple Device
Apple DeviceRegister Devices to Apple Developer
Apple DeviceAdding New Device to Provision
Apple DeviceSync from Apple Developer
Apple DeviceList Apple Device
ReportList Reports App Version
ReportList Reports App Sharing
Apple Devices
  • Manager or Operator Testing Distribution permission can get Apple Devices if user has Manager Signing Identity permission.
Authentication Settings

If the selected Authentication type is Static login, Manager role can change Username and Password. However, it cannot change the content for other Authentication types such as LDAP or SSO.

Share with Tester

Users can share the binary with registered Tester Groups only if they have Viewer or higher Testing Group permission. However, users can still share the binary with individual testers by adding them manually.

Sending Binary
  • Manager or Operator Distribution Profile permission can send to Enterprise App Store if user has Manager or Operator Enterprise App Store permission.
  • Manager or Operator Distribution Profile permission can send to Publish if user has Manager or Operator Publish Android and Manager or Operator iOS permission.
  • Manager or Operator Distribution Profile permission can resign binary if user has Manager or Viewer Signing Identity Management permission.
Resign Binary

User can resign the binary if this user has Manager or Viewer Signing Identity permission

Testing Group Permissions

The following table details the roles and restrictions for the Testing Groups. Please refer to the related module information and caution notes.

Testing GroupsScopesOwnerManagerViewer
Testing GroupsAdd/Delete/Update Testing Group
Testing GroupsAdd/Delete/Update Testing Group Testers
Testing GroupsList Testing Groups
Testing GroupsList Testing Group Testers

Publish Module iOS Permissions

The following table details the roles and restrictions for the Publish module for iOS. Please refer to the related module information and caution notes.

PublishScopesOwnerManagerOperatorExt. OperatorViewer
Publish ProfilesAdd/Delete/Update Publish Profile
Publish ProfilesList Publish Profiles
App VersionAdd/Delete App Version
App VersionList App Versions
Publish Profile SettingsView/Update Profile Settings
Publish FlowsAdd/Delete/Update Publish Flow Step
Publish FlowsDownload Publish Flow
Publish FlowsUpload Publish Flow
Publish FlowsView Publish Flow
PublishStart/Restart/Stop Flow
PublishStart Single Step
PublishUpdate Publish Details
PublishView Publish Details
App Store Connect InfoList/Update App Store Connect Information
Check Release StatusGet Relese Status
MetadataUpdate Metadata Details
MetadataView Metadata Details
Mark as RCMarking RC a version
Resing BinaryResigning Binary
Release NoteUpdate Release Note
HistoryView/Download History Logs
HistoryList History
Download BinaryDownload Binary
Cancel SubmissionCancel Submission
Reject BinaryReject Binary
Activity LogsList Activity Log Details
Resign Binary

User can resign the binary if this user has Manager or Viewer Signing Identity permission

Publish Module Android Permissions

The following table details the roles and restrictions for the Publish module for Android. Please refer to the related modules information and caution notes.

PublishScopesOwnerManagerOperatorExt. OperatorViewer
Publish ProfilesAdd/Delete/Update Publish Profile
Publish ProfilesList Publish Profiles
App VersionAdd/Delete App Version
App VersionList App Versions
Publish Profile SettingsView/Update Profile Settings
Publish FlowsAdd/Delete/Update Publish Flow Step
Publish FlowsDownload Publish Flow
Publish FlowsUpload Publish Flow
Publish FlowsView Publish Flow
PublishStart/Restart/Stop Flow
PublishStart Single Step
PublishUpdate Publish Details
PublishView Publish Details
App Store Connect InfoList/Update App Store Connect Information
Check Release StatusGet Relese Status
MetadataUpdate Metadata Details
MetadataView Metadata Details
Mark as RCMarking RC a version
Resing BinaryResigning Binary
Release NoteUpdate Release Note
HistoryView/Download History Logs
HistoryList History
Download BinaryDownload Binary
Cancel SubmissionCancel Submission
Reject BinaryReject Binary
Activity LogsList Activity Log Details

Publish Environment Variables

The following table details the roles and restrictions for the Publish Variables module for Android. Please refer to the related modules information and caution notes.

PublishScopesOwnerManagerViewer
Environment VariableAdd/Delete/Update Environment Variable Groups
Environment VariableAdd/Delete/Update Environment Variable
Environment VariableList Environment Variable
Environment VariableList Environment Variable Groups
info

Google Play and Huawei AppGallery permissions are managed through a single rule. When this rule is used, it will apply to both platforms.

Enterprise App Store Permissions

Manage and Upload Apps to Enterprise App Store.

Ent. App Sub ModulesScopesOwnerManagerOperatorExt. OperatorViewer
Store ProfileAdd/Delete/Update Profiles
Store ProfileList Profiles
App VersionAdd/Delete/Update App Versions
App VersionDownload App Versions
App VersionList App Versions
App Version ActionsPublish App Version Live/Beta Channels
App Version ActionsNotify Users
SettingsUpdate Store Domain
SettingsUpdate Store Customization
SettingsSelect Authentication Type
SettingsView Authentication Settings
SettingsView Customization Settings
SettingsView Store Domain
ReportList Reports
Authentication Settings

If the selected Authentication type is Static login, Manager role can change Username and Password. However, it cannot change the content for other Authentication types.

Organization Management Permissions

The user can create an organization or sub-organization within license limits, add and remove members, and manage their permissions.

Also, the user can view self-hosted runners and change configuration.

Organization Management Sub-modulesScopesOwnerManagerViewer
Organization and Team ManagementCreate/Delete/Update Organization
Organization and Team ManagementCreate/Delete/Update Sub-Organization
Organization and Team ManagementAdd/Delete/Update User
Organization and Team ManagementAssign Role for User
Organization and Team ManagementList User
IntegrationsAdd/Delete/Update LDAP/SSO Integrations
IntegrationsView LDAP/SSO Integrations
Appcircle LoginCreate/Delete/Update SSO
Appcircle LoginList SSO
Appcircle LoginAdd/Delete/Update LDAP
Appcircle LoginList LDAP
PATGenerate PAT
PATView PAT
Runner Access TokenList Runner Access Token
Runner Access TokenCreate/Delete Runner Access Token
ReportView Organziation Report
ArtifactsView Retention Period
ArtifactsUpdate Retention Period
Organization Management

Whatever role a user is assigned in the root organization, they will have the same role in the sub-organizations. For example, someone who is a Manager in the root organization is automatically assigned as a Manager in the sub-organizations.

If you want to assign a role in a sub-organization, please do so within the respective sub-organization.

Appcircle Login and LDAP/SSO Integrations

LDAP/SSO integrations under Integration are only for setting authentication for logins to the Testing Distribution Testing Portal and Enterprise App Store.

Please use Appcircle Login for LDAP and SSO integration when logging into Appcircle.

Organization Management Role Assignment

The Manager role cannot assign itself and another user as Owner when assigning roles.

Billing Management Permissions

Manage the subscription, payment details, and invoices.

The following table details the roles and restrictions for the Billing details. Please refer to the related module information and caution notes.

Billing Sub-modulesScopesOwnerManager
SubscriptionList Subscription Details

Integrations and Connection Managements

Connect or disconnect from third-party service providers such as notification tools or store connections.

Notification Tools

Store Connections

Integrations and ConnectionsScopesOwnerManagerViewer
CredentialsAdd/Delete/Update Credentials
CredentialsView Credentials
NotificationsUpdate Notifications
NotificationsView Notifications