Viewing and Managing Permissions
An Account Manager or Project Manager can easily implement RBAC (role-based access control) by viewing and change the permissions that are assigned to different user Roles for performing specific actions.
CloudShare permissions are very flexible and are managed by project. You can change permissions for actions in the following areas:
-
Environments
-
Snapshots
-
Training
-
POCs
-
External Resources
-
End User Activities
Whenever you create a new project, CloudShare uses a default set of user permissions to start.
A Project Manager is able to change any permissions that have been set by another Project Manager for a shared project.
Viewing Permissions for a Project
-
From the Management menu of the CloudShare Dashboard, select Projects.
-
Click on the name of the project for which you want to view permissions. The Project Details page is displayed.
-
From the Actions list, click Manage Permissions. The Permissions Management page for the project is displayed:
Each area lists the available actions and indicates which specific Roles are permitted to perform them.
A checkmark next to an action indicates that permission is granted for the listed Role, while an 'X' indicates that permission is denied.
The End User area lists the actions which are available for all end users of the selected project.
Changing Permissions for a Project
-
From the Permissions Management page, click the edit icon at the upper right corner of the area for which you want to change permissions. An editing dialog is displayed for that area:
-
For each action, select the lowest-level user Role that will be able to perform the associated action from the drop-down list. Note that any Roles which are higher than the selected level will also be able to perform the action.
If it appears, you can select the Disabled for All list option to prevent all Roles from performing the action.
-
When you finish assigning permissions for the selected area, click Submit. The changes will be saved and the editing dialog will be closed.
Using Granular Permissions for Training
For Training permissions, CloudShare provides detailed granular options to enable additional control when a user needs to edit a class.
By default, granular permissions use the same permissions that were set for an associated class. When you change a granular permission, it will override the permission that was set for editing the class. A granular permission always takes precedence over its higher, class-level permission.
Note
Changing some granular settings will display a warning that you will be unable to roll back the permission change later, since it is asymmetrical with another permission. For example, since enabling Decrease Maximum Students can cause a conflict with Increase Maximum Students, you will not be able to reverse the change.
Changing POC Permissions
Permissions for POCs enable a user with the selected Role to:
-
Create a new POC
-
Extend an existing POC
-
Cancel an existing POC
Changing External Resources Permissions
Permissions for External Resources enable a user with the selected Role to:
-
Add a Terraform script
-
Edit a Terraform script
-
Delete a Terraform script
Changing End User Permissions
Permissions for End Users enable a user with the selected Role to:
-
Delete an environment
-
Extend an environment
-
Revert an environment (including any external cloud resources that were created with it)
-
Revert or reset a specific CloudShare VM in an environment
Note
These permissions relate only to actions of an each end user on their own components. For example, if you enable the Delete Environment action, an end user will only be able to delete an environment that was created for them in the current project.
When changing end user permissions, only a Yes or No option is available for each action.
-
From the Permissions Management page, click the edit icon at the upper right corner of the End Users area. An editing dialog is displayed:
-
For each action, select Yes if you want to enable all end users to perform the action when working in the selected project.
-
When you finish assigning permissions for the End User area, click Submit. The changes will be saved and the editing dialog will be closed.
Comments
0 comments
Article is closed for comments.