Security in Stitch

Stitch sources are created under the Configuration tab of the CI Explorer. Using configuration or folder permissions, you can show/hide Stitch sources. As a Stitch source is also a CI, it has the same logic for permissions as all other CI’s.

Only Admin users have access to a Stitch tab and to perform actions in the tab without restrictions. By default, non-admin users, cannot view the Stitch tab in the CI-explorer.

You can enable access to the Stitch tab for non-admin users, using a permission called stitch#view.

Note: Non-admin users can access the tab only as viewers. They won’t be able to sync sources or add/edit/delete a source, this can only be done by admin.

Basic rules regarding Stitch security:

  • only user with admin or stitch view permissions can see the tab
  • only user with admin or read permissions on the Configuration can see sources
  • only user with admin or edit repo permissions on the Configuration can add/delete sources
  • only user with admin or control task execute permissions can sync sources manually
  • only user with admin or edit repo permissions can do GitOps operations: Add, Edit, Dry-run or Publish the rule.

Note: Additionally, you must have set your Default user credentials for a Git Repository to be able to execute GitOps operations. User credentials are set by clicking to the gear icon on top left hand side of the screen and selecting the User profile item.