Permissions management for Cloud Governance roles
- Updated Aug 1, 2024
- Xanadu
- Cloud Management
Permissions are user group-level access rights to features in the Cloud Provisioning and Governance application and to specific records in the instance, such as blueprints or cloud accounts.
You can refine the actions that are allowed or prohibited for users based on user group. By default, each role includes access rights, but not all users with the same role can see or edit each other's records. For example, by default users with the cloud_designer role have full read and write access to their own blueprints, but they do not have read or write access to blueprints created by other cloud designers. To give them that access, you must put the users into a group that has the cloud_designer role, then give that group read and write access to particular blueprints.
Permission types
- Access [Read]: Users can see the record, but not edit or delete.
- Manage [Create & Update]: Users can see the record and create and update new records in the same table, but cannot delete any records.
- Delete: Users can delete specified records or all records in the table.
- Execute: Users can execute an action on records in the table.
- All: Users have permissions on all records in the table.
Permissions suggestions
Suggested group and role | Type of users in the group | Suggested permissions | Description |
---|---|---|---|
Catalog user group; Cloud user | Users who order similar items from the catalog in the Cloud User Portal. | Access [read] or Execute | Catalog items, even after they are published, cannot be seen by users in the Cloud User Portal until you grant a user group to which that user belongs read access to the items. Grant Access and Execute permissions to cloud users on the Blueprint Catalog Item table and the Cloud Account table. |
Blueprint designers; Service Designer [sn.cmp.cloud_service_designer] | Users who design blueprints. | Manage [Create and update] | Blueprint designers cannot see or edit other blueprints or catalog items by default. To collaborate or reuse existing blueprints and catalog items, blueprint designers need access to each other's blueprints through the Manage permission. |
Cloud admins; Cloud administrator | Users who create and manage cloud accounts. | Manage [Create and update] | Cloud admins must map templates to appropriate resource profiles. To collaborate or reuse existing resource profiles and templates. |
Assign a cloud permission
Assign a permission to refine the actions that are allowed or prohibited for users based on the user group they belong to.
Before you begin
- Role required: sn_cmp.cloud_governor
- The user group to which you want the permission applied.
Procedure