Concourse Feedback


Your feedback drives the Concourse roadmap! Review and vote for existing ideas or submit new ideas.


For immediate technical support, please follow this guidance to open a Service Now ticket.


User Access and Permissions Controls

🔹 Put Simply

Introduce granular permissions and role-based access control (RBAC) to the Admin Portal so that organizations can control which users can view, edit, review, or publish different content types (e.g., work items, assets, templates).

🔹 Why It Matters

  • 🔐 Admin Portal is a centralized system that governs mission-critical templates and assets for PDM—unrestricted access creates risk.

  • 🧑‍💼 Not all users should have the same level of control; territorial, global, and team-based permissions are needed to reflect organizational hierarchy.

  • 🛑 Without permissions, there's no way to delegate responsibility without also exposing sensitive or complex content to unintended edits.

  • 🤝 Enables collaboration across teams while maintaining clear ownership boundaries, improving accountability and audit readiness.

  • 🔍 Supports compliance, scale, and governance, particularly as Admin Portal adoption grows across business units and regions.

🔹 High-Level Acceptance Criteria

  1. Role Definition and Management

    • Given I am an Admin Portal super user,
      When I configure user roles,
      Then I should be able to define roles such as:

      • Viewer

      • Editor

      • Reviewer

      • Approver

      • Super Admin

  2. Entity-Based Access Scoping

    • Given users are assigned to specific scopes (e.g., Global, Territory, Offering, Workstream),
      When they access the portal,
      Then they should only see and manage content within their assigned scope.

  3. Permission Matrix Enforcement

    • Given a user has a certain role (e.g., Reviewer),
      When they attempt an action (e.g., editing content),
      Then the system should allow or block the action based on the permission matrix.

  4. User Management Interface

    • Given I am a Super Admin,
      When I access the user permissions page,
      Then I should be able to:

      • Add or remove users

      • Assign or change roles

      • Update scope affiliations (Territory, Offering, etc.)

  5. Audit Logging of Role Changes

    • Given a user’s role or scope is changed,
      When the change is saved,
      Then an audit entry should be logged including who made the change, the old and new roles, and the timestamp.

  6. Permission-Filtered Views

    • Given I have limited access to certain content,
      When I use search, filter, or view lists,
      Then I should only see results I'm permitted to access.

  • Carly Hu
  • May 13 2025
  • PM Refinement
United States
Workspace Territory United States

Related ideas