forked from xchapter7x/docs-pivotalcf-console
-
Notifications
You must be signed in to change notification settings - Fork 0
/
console-roles.html.md.erb
112 lines (57 loc) · 5.37 KB
/
console-roles.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
---
title: Managing User Roles with Apps Manager
owner: Apps Manager
---
This topic explains how to manage user roles with Apps Manager.
<% unless vars.book_title == "Pivotal Web Services Documentation" %>
<!-- This ensures that the note below only appears in the <%= vars.platform_name %> docs, not in the PWS docs. -->
<p class='note'><strong>Note:</strong> The procedures described here are not compatible with using SAML or LDAP for user identity management. To create and manage user accounts in a SAML- or LDAP-enabled <%= vars.platform_name %> deployment, see <a href='../opsguide/external-user-management.html'>Adding Existing SAML or LDAP Users to an <%= vars.platform_name %> Deployment</a>.</p>
<% end %>
## <a id='overview'></a> Overview
<%= vars.platform_name %> uses role-based access control, with each role granting the permissions in either an org or an app space.
A user account can be assigned one or more roles. The combination of these roles defines the actions a user can perform in an org and within specific app spaces in that org. For information about the actions that each role allows, see [Orgs, Spaces, Roles, and Permissions](../concepts/roles.html). For example, to assign roles to user accounts in a space, you must have Space Manager role assigned to the user in that space.
You can also modify permissions for existing users by adding or removing the roles associated with the user account. User roles are assigned on a per-space basis, so you must modify the user account for each space that you want to change.
Admins, Org Managers, and Space Managers can assign user roles with Apps Manager or with the Cloud Foundry Command Line Interface (cf CLI). For more information, see [Users and Roles](../cf-cli/getting-started.html#user-roles) in _Getting Started with the cf CLI_.
<% unless vars.book_title == "Pivotal Web Services Documentation" %>
You can manage user roles across multiple foundations. For more information, see [Configuring Multi-Foundation Support in Apps Manager](../opsguide/configure-multi-foundation.html).
<% end %>
## <a id='orgs-roles'></a> Manage Org Roles
Valid org roles are <%= vars.org_roles %>.
To grant or revoke org roles:
1. Go to the **Home** page
1. Select an org.
1. In the panel on the left side of the screen, click **Members**. Edit the roles assigned to each user by selecting or clearing the checkboxes under each user role. Apps Manager saves your changes automatically.
1. The **Members** panel displays all members of the org. Select a checkbox to grant an org role to a user, or clear a checkbox to revoke a role from a user.
## <a id='space-roles'></a> Manage App Space Roles
Valid app space roles are Space Manager, Space Developer, and Space Auditor.
To grant or revoke app space roles:
1. Go to the page for a space.
1. In the panel on the left side of the screen, click **Members**. The **Members** panel displays all members of the space.
1. Select a checkbox to grant an app space role to a user, or clear a checkbox to revoke a role from a user.
* **Space Managers** can invite and manage users and enable features for a given space. Assign this role to managers or other users who need to administer the account.
* **Space Developers** can create, delete, and manage apps and services, and have full access to all usage reports and logs. Space Developers can also edit apps, including the number of instances and memory footprint. Assign this role to app developers or other users who need to interact with apps and services.
* **Space Auditors** have view-only access to all space information, settings, reports, and logs. Assign this role to users who need to view but not edit the app space.
## <a id='invite'></a> Invite New Users
<%= vars.enable_invitations %>
To invite new users to an org:
1. Go to the org page.
1. In the panel on the left side of the screen, click **Members**.
1. Click **Invite New Members**. The **Invite New Team Member(s)** form appears.
1. In the **Add Email Addresses** text field, enter the email addresses of the users that you want to invite. Enter multiple email addresses as a comma-delimited list.
1. The **Assign Org Roles** and **Assign Space Roles** tables list the current org and available spaces with checkboxes corresponding to each possible user role. Select the checkboxes that correspond to the permissions that you want to grant to the invited users.
1. Click **Send Invite**. The Apps Manager sends an email containing an invitation link to each email address that you specified.
## <a id='removing_org'></a> Remove a User From an Org
Removing a user from org also removes them from all spaces in the org.
To remove a user from the org:
1. Go to the org page.
1. In the panel on the left side of the screen, click **Members**.
1. Locate the user account that you want to remove.
1. Under the user's email address, click on the **Remove User** link. A warning dialog appears.
1. Click **Remove** to confirm user account deletion from the org.
## <a id='removing_space'></a> Remove a User From a Space
To remove a user from a space:
1. Go to the page for a space.
1. In the panel on the left side of the screen, click **Members**. The **Members** panel displays all members of the space.
1. Locate the user account that you want to remove.
1. Under the user's email address, click on the **Remove User** link. A warning dialog appears.
1. Click **Remove** to confirm user account deletion from the space.