How to Granularize RBAC at Individual Pipeline Level in a Harness NextGen Project

This document walks through the steps to make RBAC granular at the individual pipeline level within a Harness NextGen project.

  1. Let’s add/invite a user to an existing project as a collaborator.

  2. Now let’s create a resource group called ‘Front’ that contains only specific pipelines within the project.
    Project > Access Control > Resource Groups

  3. Next, let’s create a role called ‘Test’ with pipeline execution permissions.
    Project > Access Control > Roles

  4. Now let’s create a user group called ‘Test-UserGroup’ with a role binding of the ‘Test’ role and the ‘Front’ resource group, and make the above user a member of the user group.

With the above RBAC settings, we can see pipeline execution isolation for the above user: the role binding applies only to the pipelines listed in the ‘Front’ resource group.

Troubleshooting:

When this user tried to execute pipelines in the project, some of the connectors/secrets required by the pipeline were set up at Org level/Account level. To fix this, create a new role binding at Org level/Account level for this user (a user group can be used for this as well) and provide access permissions to the required connectors and secrets.

This resolved the problem, and the user was only able to execute/run the specified pipelines.

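The following is an added example, not Harness code or part of the original post: a simplified Python model of the role bindings above, showing why the project-level binding alone isolates execution to the ‘Front’ pipelines and why the Org-level binding is still needed. The permission strings, the pipeline, connector and secret names, and the rule that a binding only covers resources defined at its own scope are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:
    kind: str    # "pipeline", "connector" or "secret"
    name: str
    scope: str   # level where the resource is defined: "account", "org", "project"

@dataclass(frozen=True)
class Binding:
    scope: str              # level where the role binding is created
    permissions: frozenset  # the role (hypothetical permission strings)
    resources: frozenset    # the resource group

def allowed(bindings, permission, resource):
    """True if a binding at the resource's own scope grants the permission on it."""
    return any(b.scope == resource.scope and permission in b.permissions
               and resource in b.resources for b in bindings)

def can_run(bindings, pipeline, dependencies):
    """Return (ok, missing): a run needs the pipeline and every dependency."""
    needed = [("pipeline:execute", pipeline)]
    needed += [(f"{d.kind}:access", d) for d in dependencies]
    missing = [r.name for perm, r in needed if not allowed(bindings, perm, r)]
    return (not missing, missing)

# Constructed sample data (names are hypothetical).
FE_DEPLOY = Resource("pipeline", "frontend-deploy", "project")
BE_DEPLOY = Resource("pipeline", "backend-deploy", "project")
REGISTRY = Resource("connector", "org-docker-registry", "org")
TOKEN = Resource("secret", "org-registry-token", "org")

# Steps 2-4: 'Test' role + 'Front' resource group, bound at project level.
TEST_FRONT = Binding("project", frozenset({"pipeline:execute"}),
                     frozenset({FE_DEPLOY}))
# Troubleshooting fix: a second binding at Org level for connectors and secrets.
ORG_ACCESS = Binding("org", frozenset({"connector:access", "secret:access"}),
                     frozenset({REGISTRY, TOKEN}))

def scenario():
    """Evaluate the three cases discussed in the text."""
    deps = [REGISTRY, TOKEN]
    return {
        "before_fix": can_run([TEST_FRONT], FE_DEPLOY, deps),
        "after_fix": can_run([TEST_FRONT, ORG_ACCESS], FE_DEPLOY, deps),
        "other_pipeline": can_run([TEST_FRONT, ORG_ACCESS], BE_DEPLOY, deps),
    }

if __name__ == "__main__":
    for case, result in scenario().items():
        print(case, result)
```

In the model, the Org-level binding grants access only to the two named resources, so adding it does not widen which pipelines the user can execute.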