Included as part of a deployment process are the permissions required to perform various decisions or executions. PPM controls access to perform decisions and executions by:
Licenses: Provide users with access to a PPM products such as Deployment Management, but licenses do not dictate what actions a user is authorized to perform.
Access Grants: When used with licenses, access grants define the actions a user is authorized to perform within a product PPM.
For example, you can restrict a user's actions, as follows:
License, Deployment Management
Access Grant, View Packages - Those who can view packages
Access Grant, Edit Packages - Those who can edit packages
For more information concerning licenses and access grants, see the Security Model Guide and Reference.
When designing deployment processes, use security groups or dynamic access (tokens). Avoid specifying a list of users to control an action. If the list of users changes, you must update your workflow in a variety of places to keep the deployment process running correctly. By using a security group instead of a list of users, you can update the security group once, and the changes are propagated throughout the workflow.
Table 2-12. Example of workflow security groups provides an example of which security groups can access a deployment workflow, and at which workflow step.