User accounts allow access to DivvyCloud and they can be configured to authenticate using three different authentication types:

  1. Local Authentication - This type of user authenticates against the local database
  2. Active Directory - Authentication for the user occurs via a configured Active Diretory server
  3. LDAP - Authentication for the user occurs via a configured LDAP authentication server

When users execute write operations within the tool, their actions are recorded and can be accessed via Change History. You can also set up different access levels and permissions for users so you can restrict what they can and cannot access. This can be very useful if you want to permit access to a subset of resources within your installation.

Access Levels

  1. System Admin - This is a super user who has access to everything within the tool. System admins can manage users, upgrade the software and get insight into all accounts/groups.
  2. Organization Admin - Users with this access level have the ability to create users and gain insight into all resources scoped to their organization. They cannot upgrade the software.
  3. Basic User - Basic users have no permissions to any resources unless explicitly granted by an administrator.


Permissions only come into the equation for basic user accounts. When applying permissions to organization services (clouds), resource groups or projects you have a variety of options. The table below lists the permission type and description.

Permission Name Description
View Allows read-only permissions to the resource(s) contained in the group
Create Allows the ability to create resources within the group
Control Allows lifecycle commands to be executed with the exception of delete/terminate
Modify Allows changes to be made to a resource (eg: change the security groups of an instance)
Delete Allows permanent removal of a resource (delete/terminate)
All Allows all permissions with the exception of grant/revoke
Grant Allows the user to grant any of the aforementioned permissions
Revoke Allows the user to revoke any of the aforementioned permissions