Permissions

This page describes who has access to your Shippable subscription and repositories and the actions that different roles are allowed to take.

OAuth Authentication

We use OAuth authentication.

What this means is if you have either a GitHub or Bitbucket account, you do not need to create a separate account on our platform.

If you want to build repositories in your GitHub Enterprise instance, you will still need to sign in with GitHub or Bitbucket and add an account integration for GitHub Enterprise.

Authorizing Shippable

When signing in to Shippable, you will be prompted to give Shippable access to your repos. GitHub and Bitbucket auth behave a little differently as described below.

GitHub

When you sign in to Shippable for the first time, we only ask for access to public repos. This is because customers who only want to build open source projects do not want to grant a higher level of access.

If you want to use Shippable to build your private repos, you will need to authorize us for private repositories. This is done from your Account Settings Page. Read our documentation for more details.

Bitbucket

The Bitbucket API does not have public/private granularity, so we ask for access to all repos on Bitbucket by default.

Note

We realize that most people do not want to give write access to their repo. However, we need write permissions to add deploy keys to your repos for our webhooks to work. We do not touch anything else in the repo.

Who has access?

We closely mimic GitHub and Bitbucket permissions for organizations and projects.

Anyone who has access to an organization or repository in GitHub/Bitbucket will also have access to build information and/or repository and build actions on Shippable.

This happens automatically, so if you enable a repository in your organization on Shippable and another team member signs in, they will see the enabled repository and build history already present in their account.

We support 3 roles -

Admin : Admins have all privileges for an organization or Project. They can enable, run and delete projects, upgrade pricing plans, and view/run, cancel, and delete builds.

Collaborator : Collaborators can enable projects and view/run builds on Shippable. They cannot delete enabled projects or upgrade pricing plans.

Member : Members have the most restricted permissions. They can view builds on Shippable.

We map the different SCM roles to these three roles in Shippable. Based on these three Shippable roles, permissions are granted to perform specific actions.

Review the table below to view the different actions available for a specific Shippable role.

Shippable Role based actions for CI

Repository (Project) level

Categories Sub-categories Actions Member Collaborator Admin
Builds In SCM Trigger a Run through commit Yes Yes
Dashboard View Yes Yes Yes
Run Yes Yes
Re-run Yes Yes
Cancel Yes Yes
Run Custom Build Yes Yes
Download logs Yes Yes Yes
Projects Dashboard Enable Yes Yes
Options Synchronize Yes Yes Yes
Pause/Resume Yes Yes
Reset Yes
Delete Yes
Runs Config Branches to be displayed Yes Yes
Run types to be displayed Yes Yes
Configure Webhook Events for Triggering Builds Yes Yes
Run Parallel Jobs Yes Yes
Consolidate Reports Yes Yes
Custom Timeout Yes Yes
Low Coverage Alert Yes Yes
Encrypt Encrypt Yes Yes
Decrypt Yes
Badges Yes Yes Yes

Organization level

Categories Sub-categories Actions Member Collaborator Admin
Subscriptions Options Select Machine Image Yes Yes
Copy Deployment key Yes Yes Yes
Edit Technical Contact Yes
Edit Billing Contact Yes
Reset Subscription Yes
Integrations Add Integrations Yes Yes
Edit Integrations Yes Yes
Delete Integrations Yes Yes
Encrypt Encrypt Yes Yes
Decrypt Yes
Billing Update plan Yes
Nodes Change/configure Node provider Yes Yes
Edit BYON node Yes Yes
Reset BYON node Yes Yes
Delete BYON node Yes Yes

User level

Categories Sub-categories Actions Member Collaborator Admin
Account Settings Accounts Edit email All users with a Shippable account can perform these actions for their accounts
Synchronize
Enable git identities
Delete Account
Integrations Add Integrations
Edit Integrations Cards
Delete Integrations
Cards Add/Edit/Delete Credit Cards
API tokens Add/Delete API token


Review the mapping of the various SCM roles to the three Shippable roles:

User/Org Permissions mapping to Shippable Roles

Scm Org/Users SCM roles Shippable Roles
GitHub Org Member Collaborator
Admin Admin
Users Member Collaborator
Admin Admin
GitLab Org 10 - Guest Member
20 - Reporter Member
30 - Developer Collaborator
40 - Master Admin
50 - Admin Admin
Users Member Member
Admin Admin
Bitbucket Org Member Member
Contributor Collaborator
Owner Admin
Users All non-admin roles Member
Admin Admin
Bitbucket Server Org project_view Member
project_write Collaborator
project_admin Admin
Users All other roles Member
project_admin Admin

User Repository Permissions mapping to Shippable Roles

Scm SCM roles Shippable Roles
GitHub Pull Member
Push Collaborator
Admin Admin
GitLab 10 - Guest Member
20 - Reporter Member
30 - Developer Collaborator
40 - Master Admin
50 - Admin Admin
Bitbucket Contributer Collaborator
Owner Admin
Admin Admin
Bitbucket Server repo_write Collaborator
repo_admin Admin


Read more about permissions related to GitHub, Bitbucket, GitLab and Bitbucket Server.