A permission allows a user to perform specific operations in a Cloud Platform organization or application. Permissions are grouped into roles. Roles are then assigned to team members. All the team members who have the same roles have the same permissions.
Acquia defines over 40 separate, grouped permissions, listed in the following Permissions list table. You can also view all the available permissions by opening the Roles page for an organization and viewing a role, as described in Working with roles and permissions.
Many permissions distinguish between production and non-production environments. You can allow team members to only work on non-production environments, or grant access to both production and non-production environments. For example, the Senior developer role includes the permissions to pull and deploy code in production and non-production environments, while the Developer role only grants these permissions for non-production environments.
Permissions in Cloud Platform don’t control actions users take on your Drupal website, such as:
- Creating content
- Enabling and configuring Drupal modules
- Adding or removing Drupal users
Use the Drupal permissions administration to control access to Drupal functions.
Permissions list
The following types of permissions are available to Cloud Platform users:
- Administration permissions
- Cron permissions
- Database permissions
- Domain permissions
- Logs permissions
- Pipelines permissions
- SSH key permissions
- Search permissions
- Infrastructure administration permissions
- Support permissions
- Workflow permissions
Administration permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|---|---|
| Access the Cloud Platform API This permission is not applicable to Cloud Platform API v2. | ✓ | ✓ |
| Add or remove a user of a team This permission enables users to assign themselves any user’s role, including the Team Lead role. | ✓ | ✓ |
| Add application tags | ✓ | ✓ |
| Delete application tags | ✓ | ✓ |
| Edit Remote administration | ✓ | ✓ |
| View Remote administration | ✓ | ✓ |
| Access to legacy product keys This permission gives you access to legacy product keys. | ✓ | ✓ |
Cron permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|---|---|
| Modify cron tasks for non-production environments | ✓ | ✓ |
| Modify cron tasks for the production environment | ✓ | ✓ |
Database permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|---|---|
| Add a database | ✓ | ✓ |
| Create database backups for non-production environments | ✓ | ✓ |
| Create database backups for the production environment | ✓ | ✓ |
| Download database backups for non-production environments | ✓ | ✓ |
| Download database backups for the production environment | ✓ | ✓ |
| Remove a database | ✓ | ✓ |
| Restore database backups for non-production environments | ✓ | ✓ |
| Restore database backups for the production environment | ✓ | ✓ |
| View database connection details (username, password, or hostname) | ✓ | ✓ |
Domain permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|---|---|
| Add or remove SSL certificates for non-production environments | ✓ | ✓ |
| Add or remove SSL certificates for production environments | ✓ | ✓ |
| Add or remove domains for non-production environments | ✓ | ✓ |
| Add or remove domains for production environment | ✓ | ✓ |
| Managing Platform CDN (provisioning/deprovisioning the CDN) for production environment | ✓ | ✓ |
| Managing Platform CDN for non-production environment | ✓ | ✓ |
Logs permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|---|---|
| Administer log forwarding for non-production environments | ✓ | 𐄂 |
| Administer log forwarding for the production environment | ✓ | 𐄂 |
| Download logs for non-production environments | ✓ | ✓ |
| Download logs for the production environment | ✓ | ✓ |
Pipelines permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|---|---|
| Execute Pipelines | ✓ | ✓ |
SSH key permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|---|---|
| Add SSH key to Git repository | ✓ | ✓ |
| Add SSH key to non-production environments | ✓ | ✓ |
| Add SSH key to the production environment | ✓ | ✓ |
Search permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|---|---|
| Edit the search schema on a subscription with Solr 4.5 | ✓ | ✓ |
| Increase the search index limit on a subscription with Solr 4.5 | ✓ | ✓ |
| Create, update, and delete indexes and configuration sets within an application with Solr | ✓ | ✓ |
Infrastructure administration permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|---|---|
| Configure infrastructure | 𐄂 | ✓ |
| Reboot infrastructure | 𐄂 | ✓ |
| Resize infrastructure | 𐄂 | ✓ |
| Suspend infrastructure | 𐄂 | ✓ |
Support permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|---|---|
| Create a Support ticket | ✓ | ✓ |
| Include as a collaborator on all tickets by default (Permission is assignable to no more than 20 users. Administrators have priority for inclusion.) | ✓ | ✓ |
| View and edit any Support tickets for a subscription | ✓ | ✓ |
Workflow permissions
| Permission | Cloud Platform Enterprise | Cloud Platform Professional |
|---|---|---|
| Add an environment | ✓ | 𐄂 |
| Clear caches for non-production environments | ✓ | ✓ |
| Clear caches for the production environment | ✓ | ✓ |
| Configure non-production environments | ✓ | ✓ |
| Configure production environment | ✓ | ✓ |
| Create and manage own remote IDEs | ✓ | ✓ |
| Delete an environment | ✓ | 𐄂 |
| Deploy code, files, or databases to the production environment | ✓ | ✓ |
| Manage any remote IDEs | ✓ | ✓ |
| Manage environment variables on a non-production environment | ✓ | 𐄂 |
| Manage environment variables on a production environment | ✓ | 𐄂 |
| Move files from non-production environments | ✓ | ✓ |
| Move files from production environments | ✓ | ✓ |
| Move files to non-production environments | ✓ | ✓ |
| Move files to the production environment | ✓ | ✓ |
| Pull and deploy code, files, or databases to non-production environments Also grants the ability to enable or disable Live Development. | ✓ | ✓ |
| Pull files or databases from the production environment | ✓ | ✓ |
| View environment variables on a non-production environment | ✓ | 𐄂 |
| View environment variables on a production environment | ✓ | 𐄂 |
Cloud Platform API endpoints for permissions
The Cloud Platform API provides endpoints for permission management, including:
Deprecated permissions
Acquia deprecates permissions when the associated feature or API endpoint is deprecated or scheduled to be deprecated.