Default Role Permissions (RBAC)

Safedevops.app uses a robust Role-Based Access Control (RBAC) system to ensure that users have the appropriate level of access to perform their duties according to the Scaled Agile Framework (SAFe®). When a new organization is created, the platform automatically seeds a set of default permissions for each SAFe® role.

Why these defaults? The default permissions are designed to align with the typical responsibilities of each role within a SAFe® context. For example, a Release Train Engineer (RTE) is given broad management capabilities over the ART and its events, while a Developer has more focused permissions related to executing work within an iteration. These defaults provide a sensible and secure starting point for any organization.

Fully Customizable: While these defaults are a great starting point, we understand that every organization is unique. All permissions are fully customizable to fit your specific governance and workflow needs.
→ Learn How to Manage and Customize Role Permissions

Prerequisite: To customize these permissions, you must have the OrgAdmin role assigned to you within the organization.
To learn how to assign roles, please see the User & Member Management guide.


Default Permissions by Role

Below is a summary of the key permissions assigned to each primary SAFe® role by default. Note that all roles receive a baseline of view-only permissions for general visibility, which are listed at the end.

Release Train Engineer (RTE) & SAFe Program Consultant (SPC)

As the servant leaders and coaches for the Agile Release Train, RTEs and SPCs have extensive permissions to manage all aspects of the ART, its ceremonies, and its teams.

  • Full Management Rights: Program Increments, ARTs, Teams, Iterations, Deployments, Hypotheses, Dependencies, and Risks.
  • Full CRUD on Work Items: Can create, edit, and delete Epics, Features, Stories, and Tasks.
  • High-Level Access: Can facilitate ceremonies and view all metrics (Portfolio, Program, ART, Basic).

Product Manager (PM)

The Product Manager is responsible for the "what"—defining and prioritizing the solution backlog. Their permissions reflect this focus.

  • Work Item Focus: Full create, edit, and delete rights for Epics and Features.
  • Strategic Management: Can manage Hypotheses and Teams.
  • Planning: Can participate in PI Planning.

Scrum Master (SM)

The Scrum Master is the servant leader for their Agile Team. Their permissions are focused on managing the team's workflow, facilitating events, and removing impediments at the team level.

  • Team-Level Management: Can manage Iterations and facilitate ceremonies.
  • Backlog Management: Full create, edit, and delete rights for Stories and Tasks.
  • Planning & Visibility: Can participate in PI Planning and manage Hypotheses.

Product Owner (PO)

The Product Owner is responsible for the team backlog and ensuring the team delivers value. Their permissions are centered on defining and accepting team-level work.

  • Backlog Ownership: Full create, edit, and delete rights for User Stories. Can also create and edit Features.
  • Strategic Input: Can manage Hypotheses to inform backlog decisions.
  • Planning: Can participate in PI Planning.

Architect (Arch)

Architects provide technical guidance. Their permissions allow them to contribute to the architectural runway and maintain a high-level view.

  • Architectural Contribution: Can create and edit Features to define technical requirements.
  • Broad Visibility: Has view access across the portfolio and program to ensure alignment.

Developer (Dev)

Developers are focused on implementing the solution. Their permissions are scoped to creating and editing tasks, with broad view access for context.

  • Execution Focus: Can create and edit Tasks.
  • Contextual View: Has view-only access to PIs, iterations, and ceremonies.

QA, Business Analyst (BA), UX Designer, System Engineer (SysEng), and Other

These essential team roles are initially granted the base set of view-only permissions. This ensures they have full context of the work being done across the ART while maintaining a secure "least privilege" starting point. Their permissions can be easily elevated as needed.

  • Default Access: Granted the "Base View-Only Permissions" listed below.

Base View-Only Permissions

To ensure transparency and alignment, every role is granted a baseline set of view-only permissions by default. This allows all members to see the broader context of the work being done across the ART. These base permissions include:

  • View Program Increments
  • View Agile Release Trains
  • View Iterations
  • View Ceremonies
  • View All Work Items
  • View Basic, ART, Program, and Portfolio Metrics
  • View Deployments
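
An added example (not part of the original page or the platform's own code) showing one way to audit customized role permissions against the seeded defaults described above, flagging any role that has gained delete or manage rights. The permission identifiers, the three roles modelled and the sample organization data are constructed for illustration.

```python
# Permission names are constructed for this example; the platform's real
# identifiers may differ. Only three of the roles above are modelled.
BASE_VIEW = frozenset({
    "pi.view", "art.view", "iteration.view", "ceremony.view",
    "workitem.view", "metrics.basic.view", "metrics.art.view",
    "metrics.program.view", "metrics.portfolio.view", "deployment.view",
})

# Role-specific grants on top of the base set, as described on this page.
DEFAULT_EXTRA = {
    "Developer": {"task.create", "task.edit"},
    "QA": set(),  # base view-only permissions only
    "ProductOwner": {"story.create", "story.edit", "story.delete",
                     "feature.create", "feature.edit",
                     "hypothesis.manage", "piplanning.participate"},
}
SENSITIVE_VERBS = ("delete", "manage")

def default_permissions(role):
    """Seeded default set for a role: base view-only plus role extras."""
    return BASE_VIEW | DEFAULT_EXTRA[role]

def audit_role(role, current):
    """Compare a role's current permission set with its seeded default."""
    default = default_permissions(role)
    current = set(current)
    added = current - default
    return {
        "added": sorted(added),
        "removed": sorted(default - current),
        # Grants beyond the default that allow deletion or management.
        "sensitive_added": sorted(
            p for p in added if p.rsplit(".", 1)[-1] in SENSITIVE_VERBS),
    }

def audit_org(current_by_role):
    """Return findings only for roles that differ from their defaults."""
    results = {r: audit_role(r, p) for r, p in current_by_role.items()}
    return {r: f for r, f in results.items() if f["added"] or f["removed"]}

# Constructed sample of an organization's customized permissions.
SAMPLE_ORG = {
    "Developer": default_permissions("Developer") | {"story.delete"},
    "QA": (BASE_VIEW - {"metrics.portfolio.view"}) | {"task.edit"},
    "ProductOwner": default_permissions("ProductOwner"),
}
```

Calling audit_org(SAMPLE_ORG) reports only the Developer and QA roles, since the Product Owner set still matches its default.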

SAFe® and Scaled Agile Framework® are registered trademarks of Scaled Agile, Inc.