Ownership of Objects

The term "owner" is used in two different ways in Kion.

Permissions

The first way refers to the Owner permission role, which is a default role that cannot be removed. You can map users and user groups to permission roles in permission schemes. The permissions granted to users with the Owner role are based on the permissions mapped to the role.

Objects and Resources

The second way refers to ownership of certain objects, which is designated during object creation. The objects that use this type of ownership are:

  • Cloud Rules
  • IAM Policies
  • Azure Role Definitions
  • Azure Policy Definitions
  • AWS CloudFormation Templates
  • Azure ARM Templates
  • AWS Service Catalog Portfolios
  • AWS AMIs
  • Webhooks
  • Compliance Checks
  • Compliance Standards

Capabilities granted by object ownership are separate from permission roles/permission schemes.

The capabilities granted by object ownership are fixed and cannot be changed. Only object owners may edit an object.

Users with object creation permissions are not automatically added as object owners for the objects they create. For example, a user can have project creation permissions granted to them through a permission scheme, but they won't be able to edit or delete projects they create unless they are also added as an owner. Conversely, if a user who cannot create projects is made an owner of a project, they can make edits to that project but still cannot create or edit other projects.