Capabilities()
Infrastructure
Provision, manage, and monitor servers.
Compute
Run containers, VMs, and functions easily.
Networking
Built-in load balancing, DNS, & service discovery.
Storage
Integrated support for LVM, iSCSI, & Ceph.
Observability
Real-time metrics, events, and logs.
Automation
Automatic updates, pipelines, and IaC.
Reference()
Platform DocumentationAPI Reference
Objectives()
For Serious Builders
Read the manifesto and reclaim your sanity.
Developers
Focus on code, not config.
DevOps Engineers
Automate the boring stuff.
Infrastructure Teams
Manage everything from a single control plane.
Compare()
vs. Kubernetesvs. Herokuvs. Portainervs. Nomadvs. VMware
Documentation()
Quick Start GuidePlatform DocumentationPortal DocumentationLearn CenterAPI Reference
Resources()
Changelog
Platform releases, features, and fixes.
Platform Status
Live uptime data and incident reports.
About Us
The team building Cycle and why we built it.
Our Blog
Engineering deep-dives, product updates, and industry takes.
DevOps Toolbox
Free converters and utilities for everyday DevOps work.
Partners
Native integrations with the providers you already use.
Community()
Cycle CommunitySlack CommunityGithubContact Us
PricingLogin
Get Started

Access Control Lists.

Access Control Lists (ACLs) are used to limit access to specific resources within a hub based on role.

ACL Resources.

ACLs can be applied to the following resource types on Cycle:

ACL Permissions.

There are three ACL permissions that can be toggled on and off per role listed on the ACL.

  • view: the role can view the resource
  • modify: the role can change the resource itself, but excludes the ability to delete the resource or modify the ACL of the resource
  • manage: the role can delete the resource and the role can update the ACL for the given resource

When a role is set on an ACL, but no permissions are enabled, the role is essentially unable to interact with that resource in any capacity.

It is possible to combine any 3 permissions, such as modify and manage, but not view (though this will make it impossible to view in the Portal).

Combining Capabilities and ACLs.

Capabilities dictate what a role CAN do within a hub, while the ACL limits what the role can do on a resource.

For example, say we wanted to grant "view" permissions to an environment for a role. That role MUST have the environments-view capability, otherwise it would not be able to view the environment with the ACL, even with that role specifically set to view. The role is not "capable" of viewing environments, so the ACL doesn't matter.

Layering Cluster ACLs with Cluster Resources.

Some resources, such as environments, fall under a cluster. When an environment or other cluster resource does not have its own ACL set, it will be subject to the ACL of the cluster instead.

ResourceViewModifyManageDescription
Environment--Can view environment, but make no changes to it
Environment-Can view/make changes to environment, but cannot delete it or modify its ACL
EnvironmentCan view/make changes to an environment, and can delete it and modify its ACL
Environment---Falls back to cluster ACL
Cluster--Can view cluster and any environments in cluster that don't have a more specific ACL
Cluster-Can view/make changes to cluster and any environments in the cluster that dont have a more specific ACL, delete any environments in the cluster, modify the ACLs of environments in the cluster, but cannot delete the cluster or modify the cluster ACL.
ClusterCan view/make change to cluster and any environments in the cluster that don't have a more specific ACL, and can delete the cluster and modify the cluster's ACL
Cluster---Cannot view, modify, delete, or manage the ACL of the cluster or any resources in the cluster.
Cookies

Cookies Preferences

We run basic, anonymous analytics by default to measure site traffic. By clicking "Accept," you allow additional cookies for advanced app improvements and tailored advertising. Choose what you share by clicking "Customize."