Managing roles and permissions

Ivanti incapptic Connect uses roles—whose permissions are defined during system setup—to act as functional boundaries for users doing similar things. Every user must be assigned to a role. This section explains how to apply roles and permissions within your Ivanti incapptic Connect system.

Understanding roles and permissions

Ivanti incapptic Connect uses Access Control Lists (ACLs) to regulate access to the features. Features are grouped and enabled for the roles that use them:

  • Global roles and permissions – for example, deleting a user account.
  • App-specific (scoped) roles and permissions – for example, submitting a new version of an app.

Roles are assigned to users to provide the necessary bundle of features they will need to perform their duties. Scoped roles are specific to the app they support. For example, a role can specify a user as a developer for a specific app. That user will see only their app, and actions are limited to developer functions.

Understanding Ivanti incapptic Connect functional roles

Ivanti incapptic Connect default roles are focused on the following users:

Scoped roles:

  • Developer – A developer typically submits the binary and the metadata of an app release.
  • App owner – An app owner typically approves the publishing of an app release, including the binary and the metadata. They also invite and assign developers to their app.
  • API user – An API user uploads binary files through the Continuous Integration/Continuous delivery (CI/CD) API. This role is usually assigned to technical users needing a CI/CD system with the fewest permissions.

Global roles:

  • Publisher – A publisher publishes apps to the stores. They might also check the apps before sending them. Publishers are sometimes also responsible for user management.
  • Admin – An admin has full control over the Ivanti incapptic Connect system. They typically manage users, targets, and certificates.

Because these roles can be configured differently for different environments, all expected features might not be available for your role. In particular, app owners and developers may notice that some features and information may not be visible in your environment. Conversely, you may also have additional functions assigned to you.

Reconfiguring role permissions after setup

The roles were assigned their permissions during the Ivanti incapptic Connect initial setup process. They can be reconfigured by technical experts using a special administration console that is not accessible through the application itself.