Disclaimer: This website requires Please enable JavaScript in your browser settings for the best experience.

The availability of features may depend on your plan type. Contact your Customer Success Manager if you have any questions.

Dev guideRecipesAPI ReferenceChangelog
Dev guideAPI ReferenceRecipesChangelogUser GuideGitHubDev CommunityOptimizely AcademySubmit a ticketLog In
Dev guide

Interactions between environment and flag roles

How environment and flag granular permission roles interact in Optimizely Feature Experimentation.

Before you manage environment roles and flag roles, it is important to understand how flags and environments interact in a Feature Experimentation project.

🚧

Important

This document explains how flag and environment roles work together and must be read before configuring environment roles and flag roles.

Each flag rule operates within a specific environment, and the collection of a flag’s rules in an environment is called a ruleset. When applying granular permissions, the lower of the two roles (flag or environment) determines what actions a collaborator can perform within a ruleset.

📘

Note

When a collaborator creates a flag, they are automatically assigned Admin role for that flag. To create a flag or audience, a collaborator must have Editor or Admin access in at least one environment, either directly or through a team.

If your project does not use granular permissions, the collaborator must instead have the Editor or Admin project role.

project and entity structure

The following diagram shows example flag and environment role combinations, along with the resulting ruleset permissions where each flag and environment intersect:

📘

Note

The maximum permission in a ruleset is Publisher. An entity Admin can manage permissions for that entity but is still considered at most a Publisher within a ruleset.

The following permission matrix outlines how combinations of environment and flag roles influence what actions you can take within a ruleset.

Environment roleFlag roleEffective permission in ruleset
AdminAdminPublisher – Can publish and edit rules and manage permissions.
AdminEditorEditor – Can edit but not publish rules.
AdminViewerViewer– Can view rules only.
PublisherAdminPublisher
PublisherEditorEditor
PublisherViewerViewer
EditorAdminEditor
EditorEditorEditor
EditorViewerViewer
ViewerAdminViewer
ViewerEditorViewer
ViewerViewerViewer