Permissions are user group-level access rights to features in the Cloud Provisioning and Governance application and to specific records in the instance, such as blueprints or cloud accounts.

You can refine the actions that are allowed or prohibited for users based on user group. By default, each role includes access rights, but not all users with the same role can see or edit each others records. For example, by default users with the cloud_designer role have full read and write access to their own blueprints, but they do not have read or write access to blueprints created by other cloud designers. If you want them to have access, you must put the users into a group that has the cloud_designer role, then give that group read and write access to particular blueprints.

Permission types

Access [Read]
Users can see the record, but not edit or delete.
Manage [Create & Update]
Users can see the record and create and update new records in the same table, but cannot delete any records.
Delete
Users can delete specified records or all records in the table.
Execute
Users can execute an action on records in the table.
All
Users have permissions on all records in the table.

Permissions suggestions

Consider granting these permissions in your organization:
Suggested group and role Type of users in the group Suggest permissions Description
Catalog user group

Cloud user [sn_cmp.cloud_service_user]

 Users who order similar items from the catalog in the Cloud User Portal. Access [read] or Execute Catalog items, even after they are published, cannot be seen by users in the Cloud User Portal until you grant a user group to which that user belongs read access to the items. Grant Access and Execute permissions to cloud users on the Blueprint Catalog Item table and the Cloud Account table.
Blueprint designers

Service Designer [sn.cmp.cloud_service_designer]

 Users who design blueprints. Manage [Create and update] Blueprint designers cannot see or edit other blueprints or catalog items by default. To collaborate or reuse existing blueprints and catalog items, blueprint designers need access to each others' blueprints through the Manage permission.
Cloud admins

Cloud administrator [sn_cmp.cloud_admin]

 Users who create and manage cloud accounts. Manage [Create and update] Cloud admins must map templates to appropriate resource profiles. To collaborate or reuse existing resource profiles and templates.

Assign a cloud permission

Assign a permission to refine the actions that are allowed or prohibited for users based on the user group they belong to.

Before you begin

  • Role required: sn_cmp.cloud_governor
  • The user group to which you want the permission applied.

Procedure

  1. Navigate to All > Cloud Admin Portal > Governance > Permission.
  2. Fill out the form fields (see table).
    Figure 1. Read permissions on cloud accounts
    Read permissions on cloud accounts
    FieldDescription
    Target type Select the cloud table in which the target record belongs.
    All Entities Select this option to apply the permission to all records in the table.
    Permission Select the permission type.
    Target Entity Select the record that the permission is based upon.
    Group Select the user group.
  3. Click Submit.