Access
The Access administration in the PDS platform is a critical component for managing user access and permissions. It ensures that only authorized users can perform specific actions, thereby maintaining security and operational integrity within the platform. Access Manager provides a centralized way to control who has access to what resources and what operations they can perform.
Key features of Access Manager:
- User invitations
- Roles and permissions
For more information about the access manager interface in PDS and the procedures to add and configure user roles and services access, see Access administration.
User invitations
User invitations is a feature that allows administrators to invite new users to join the PDS platform and assign them specific roles and permissions right from the start. This streamlined process ensures that new users have the appropriate level of access as soon as they join the platform.
Example: An IT administrator invites a new developer to the PDS platform. They enter the developer's email address, assign them the appropriate role, and send the invitation. The developer receives the email, accepts the invitation, and gains access to the platform with permissions to deploy and manage data services.
Roles and permissions
Roles and permissions are fundamental to controlling what actions users can perform within the PDS platform. By defining and managing roles, administrators can ensure that sensitive operations are restricted to authorized personnel only.
Defining roles
- Account Admin: Has full access and administration capabilities across all infrastructure components and applications. Also, responsible for creating and managing projects and users, and configuring global settings.
- Project Admin: Has access and administration capabilities within specific projects. Also, can manage resources and applications within their assigned projects but do not have global access.
- Project User: Has access to and administration capabilities for data services and backups within their assigned projects. Limited to operational tasks within specific projects, with the least permissions.
For more information about user roles and permissions in the PDS platform, see RBAC.
Each role is associated with a set of permissions that define what actions users can perform. Permissions include:
- Deploy data services: Allow users to deploy new data services.
- Manage clusters: Allow users to create, update, or delete clusters.
- Manage backups: Allow users to configure and manage backup policies and locations.
Managing roles and permissions:
Example: An IT administrator assigns the Developer role to a new team member. The developer role includes permissions to deploy data services and view metrics but does not include permissions to delete clusters or manage backups. This ensures that the developer can perform their job without having access to critical administrative functions.
Example of using Access Manager
Consider A software development organization with multiple teams:
-
Setup
- Administrator: The IT manager who has full control over the PDS platform.
- Development team: Developers who need to deploy and manage data services.
- QA team: Quality assurance engineers who need to view configurations and metrics for testing purposes.
- Audit team: Auditors who require read-only access to review configurations and compliance.
-
Invite users
- The IT manager invites developers, QA engineers, and auditors to the PDS platform.
- Each user receives an email invitation, accepts it, and logs into the PDS platform with their assigned role.
-
Assign roles
- Developers are assigned the "Developer" role with permissions to deploy and manage data services.
- QA Engineers are assigned the "Viewer" role to ensure they can access necessary information without making changes.
- Auditors are also assigned the "Viewer" role to review configurations and compliance without altering any settings.
-
Manage access
The IT manager periodically reviews and updates roles and permissions to ensure they align with current project requirements. When a developer moves to a different project or leaves the company, their access is promptly updated or revoked.
Benefits:
- Security: Sensitive operations are restricted to authorized personnel only, reducing the risk of accidental or malicious changes.
- Efficiency: Users have the access they need to perform their tasks without unnecessary delays.
- Compliance: Auditors and compliance officers can review configurations and operations without affecting the running system.
By leveraging the Access Manager, the software development company can effectively control access to the PDS platform, ensuring that each team member has the appropriate level of access. This structured approach enhances security, operational efficiency, and compliance with internal and external regulations.