User accounts allow access to DivvyCloud and they can be configured to authenticate using three different authentication types:
- Local Authentication - This type of user authenticates against the local database
- Active Directory - Authentication for the user occurs via a configured Active Diretory server
- LDAP - Authentication for the user occurs via a configured LDAP authentication server
When users execute write operations within the tool, their actions are recorded and can be accessed via Change History. You can also set up different access levels and permissions for users so you can restrict what they can and cannot access. This can be very useful if you want to permit access to a subset of resources within your installation.
- System Admin - This is a super user who has access to everything within the tool. System admins can manage users, upgrade the software and get insight into all accounts/groups.
- Organization Admin - Users with this access level have the ability to create users and gain insight into all resources scoped to their organization. They cannot upgrade the software.
- Basic User - Basic users have no permissions to any resources unless explicitly granted by an administrator.
Permissions only come into the equation for basic user accounts. When applying permissions to organization services (clouds), resource groups or projects you have a variety of options. The table below lists the permission type and description.
|View||Allows read-only permissions to the resource(s) contained in the group|
|Create||Allows the ability to create resources within the group|
|Control||Allows lifecycle commands to be executed with the exception of delete/terminate|
|Modify||Allows changes to be made to a resource (eg: change the security groups of an instance)|
|Delete||Allows permanent removal of a resource (delete/terminate)|
|All||Allows all permissions with the exception of grant/revoke|
|Grant||Allows the user to grant any of the aforementioned permissions|
|Revoke||Allows the user to revoke any of the aforementioned permissions|