LGTM Enterprise 1.24

User roles

LGTM Enterprise uses two roles to control access to pages:

  • Standard users—access to all pages in the main interface—that is, pages whose URLs don't begin https://<lgtm-domain>/admin/.
  • Application administrators—additional access to administration interface by clicking the Admin button on the menu bar. This button is only displayed to users who have logged in to LGTM Enterprise using an account that has been granted admin rights—see Managing users.

These two basic roles may be supplemented by integrating LGTM Enterprise fully with code management systems that host the repositories you plan to analyze.

Actions available to a standard user

Standard users can view data and follow projects. These options have no impact on the setup or running of LGTM Enterprise.

In addition, by default, standard users can perform the following actions:

  • Run a query using the query console—this adds a query job to the queue. It will be run by a query worker.
  • Add a project from their My projects list—this creates a series of attempt-build jobs using the global project configuration. If at least one language is successfully analyzed, the project is created and scheduled for analysis. The process is exactly the same as when an administrator adds a project. Simple log files are available to the user from their My projects project list. The full logs for the attempt-build jobs are available to administrators from the Jobs tab of the Logs page.

    If necessary, administrators can block this option. For details, see Allowing users to add projects.
  • Add a project configuration file to LGTM—this option is offered to users only if their attempt to add a project fails. A second series of attempt-build jobs is created, using the user-supplied project configuration file. If this succeeds, the project is added to LGTM with the custom project configuration file.

In addition, any user with write access to a repository can commit an LGTM project configuration file to their repository. This overrides the global configuration and may define which alerts to display, how to classify files, and how to extract the codebase.

Use of data from external accounts

When a user logs in to LGTM using an externally managed account for a repository hosting system that's fully integrated, LGTM knows the:

  • Repositories the user has read-only access for
  • Repositories the user owns or has admin access to

This information affects what's displayed in the main interface, as follows:

  1. Project pages are visible only to users who have at least read-only access to the repository.
  2. When the current user displays a developer's profile page, full information is shown only for projects where the current user has at least read-only access for the repository (for an example, see About authorization levels).
  3. The option to enable code review integration for a project (in the project's Integrations tab) is displayed only to users who own or administer that repository.

You can change the authorization mechanism for an integration, or override authorization for a user. This will affect the project pages available to users, and the data displayed on the profile pages of other developers.

For more information about controlling access to projects, see Controlling access to content.

Related topicsRelated topics