Overview of Package Security

This section addresses the data and process security related to creating and processing packages in Deployment Management. Deployment Management lets you determine who can participate in package deployment. You can restrict user actions based on the following:

  • Package creation

    • Who can create packages

    • Who can use a specific workflow

    • Who can use specific object types

  • Package processing

    • Who can approve or process each step in the workflow

    • Whether you only want participants to process the packages. Participants are defined as the assigned user, the creator of the package, members of the assigned group, or any users who have access to the workflow steps.

  • Managing deployment

    • Who can change the workflow

    • Who can change each object type

    • Who can change the environment and environment group definitions

    • Who can change the security group definitions

Configuring this data and process security often involves a setting a number parameters, such as:

  • Licenses

  • Access grants

  • Object type, workflow, and security group settings

  • Field-level settings

This lets you control which processes are used for deployments and which environments are affected.

Note: The screen and function access that access grants provide is cumulative. A user who belongs to three different security groups has access to all of the user interface and functionality available to the three groups combined. To restrict certain screen and feature access, remove the user from any security group that grants that access.

You can use the Access Grants tabs in the User window to see all security groups where specific access grants are included. You can then:

  • Remove the user from the security group (on the Security Group tab in the User window).

  • Remove the access grants from the security group (in the Security Group window). Do this only if no one in that security group needs the access that the access grant provides.

This section provides information about how to allow a user to view or edit items in Deployment Management. To restrict access, you can change settings or remove the access grants or licenses.