User Security

This article has expired. Please visit the OneCloud Knowledge Base for the latest documentation.

OneCloud gives administrators the power to control user security with a high degree of granularity. Users can be allowed to access (or prevented from accessing) workspaces, environments, and chains.

Default Group

When a user is invited to OneCloud, they are added to the Default Group. Every user belongs to the Default Group, so its permissions act as the baseline for all of your users. You may choose not to assign any permissions to the Default Group, but know that changes to this group will apply to all users.

Admin Group

Administrators in OneCloud are allowed full access to any workspace, environment, or chain in OneCloud. In addition, they are the only users allowed to set up connections and invite others to the platform. See the section below on inviting users, and note that membership in the Admin Group is what determines whether the user is an administrator.

Workspace Admin

If a user has "Admin" privileges on any workspace, that user is considered to be a "Workspace Administrator". This privilege allows a user to create connections and edit connections that are available to their workspace. In addition, they will also be able to see the "Runners" section for any administrative tasks related to GroundRunners and the "BizApps" section for a list of available BizApps.

Inviting a User

To invite a user to your OneCloud organization, enter the Admin section and select "Users and Groups". Hover over the "+" icon in the bottom right, and click the "Invite users" icon. You'll be taken to a form where you can specify which users to invite to the platform and which user groups to add them to.

When inviting a user, fill in their email and be sure to select which groups they will be added to by using the dropdown on the right. The selected groups will show up below the user's email address. Lastly, there is a checkbox for whether or not the user is configured for single sign-on. To learn more about enabling SSO for your organization, see our Single Sign On (SSO) documentation.

You may invite more than one user at a time by clicking the "+" icon at the top right of the form. Note that your OneCloud license will only include a certain number of "Admin" and "Read and Monitor" (non-admin) users. If you try to invite more users than your license permits, you will receive an error message with the relevant details.

Creating Groups

To create a new user group, enter the Admin section and select "Users and Groups". From here, hover over the "+" icon in the bottom right, and click the "Add Group" icon (see screenshot below).

Setting Permissions

Once you have your groups set up, you'll need to ensure that users in these groups have the power to perform the desired actions. To set permissions on your groups, enter the Admin section and click "Users and Groups". From here, select the "Access" sub-menu. You'll be taken to a page with all of your groups, so select the group for which you want to set permissions.

The next screen will show you a list of your workspaces, and when you click the card containing the relevant workspace, you'll be presented with a list of permissions for that workspace:

Each checkbox represents a permission level in OneCloud. For workspaces and environments, the permissions (from left to right) are: Read, Edit, Create, and Admin.

Permission Levels

All permission levels include the privileges of the previous level. For example, if you had "Admin" access on a workspace, you would also be able to create, edit and view environments within that workspace.

Permission Definitions

Read: User can view the relevant object without making any changes
Edit: User can make changes to the relevant object
Create: User can create new objects (e.g. new chains in an environment)
Admin: User has full access (including the ability to delete) to objects

Inheriting Permissions

If permissions are not set at a granular level, they will be inherited from the closest "parent". For example, if you had the "Edit" permission set on a workspace and not on any environments, the user would have permission to edit all of the environments and chains in the workspace.

Workspace Permissions

Before setting more granular permissions, you must choose the group's permission level for the workspace. Once you've selected the appropriate permission, you will be able to set permissions on the environments within this workspace. Workspace permissions are useful for granting broad-strokes access if more detailed permissions are not required, but the real power of OneCloud's user administration is in granting fine-grained access to environments and chains.

Environment & Chain Permissions

With workspace permissions established, you may now click a checkbox to select the relevant permission for your environment. Upon selecting this permission, the chains within the environment will appear. Each chain within your environment will have the permission you selected automatically granted. Environment permissions are most useful for restricting users from a production environment, for example.

Chains have most of the same permission settings as workspaces and environments, with the additional capability of controlling whether or not the user can execute a particular chain. In addition, the "create" permission is not relevant to chains and is therefore unavailable.

Removing Permissions

To remove a permission, click on the checkbox of the highest permission of the relevant object (note that the lower permission checkboxes will be disabled).

Be careful when removing permissions on workspaces and environments, as removing these will revoke permissions that had previously been set on child objects.
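The rules described above (cumulative levels, inheritance from the closest parent, and revocation of child permissions on removal) are modelled here as an added example for reviewing one group's effective access. It is not OneCloud code or a OneCloud API; the class, the path tuples and every object name are hypothetical, and the chain-only execute permission is not modelled.

```python
from enum import IntEnum

class Level(IntEnum):
    # Ordered so that each level includes the privileges of the ones below it.
    READ, EDIT, CREATE, ADMIN = 1, 2, 3, 4

class GroupAccess:
    """Grants for one group. Paths: (workspace,), (workspace, env), (workspace, env, chain)."""
    def __init__(self):
        self.grants = {}

    def set(self, path, level):
        path = tuple(path)
        if len(path) == 3 and level is Level.CREATE:
            raise ValueError("Create is not available on chains")
        if len(path) > 1 and path[:-1] not in self.grants:
            raise ValueError("set the parent's permission first")
        self.grants[path] = level

    def remove(self, path):
        # Removing a grant also revokes grants set on child objects.
        path = tuple(path)
        for p in [p for p in self.grants if p[:len(path)] == path]:
            del self.grants[p]

    def effective(self, path):
        # The closest explicit grant wins: the object itself, then its parents.
        path = tuple(path)
        for n in range(len(path), 0, -1):
            if path[:n] in self.grants:
                return self.grants[path[:n]]
        return None  # no grant anywhere: the object is not visible to the group

    def allows(self, path, needed):
        level = self.effective(path)
        return level is not None and level >= needed

def sample_group():
    # Constructed sample data; workspace, environment and chain names are hypothetical.
    acl = GroupAccess()
    acl.set(("Finance",), Level.EDIT)
    acl.set(("Finance", "Production"), Level.READ)
    acl.set(("Finance", "Production", "Month-End Close"), Level.EDIT)
    return acl

if __name__ == "__main__":
    acl = sample_group()
    for path in [("Finance", "Dev", "Load GL"), ("Finance", "Production", "Load GL"), ("HR",)]:
        print("/".join(path), "->", getattr(acl.effective(path), "name", "no access"))
```

In this model, removing the Read grant on Production leaves its chains inheriting Edit from the workspace, so check the parent's level before removing a restrictive grant.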

Once you've set your chain permissions, your users will now be restricted at the appropriate levels. Restricted workspaces, environments, and chains will not be visible to these users. If they are provided a link to a workspace, environment, or chain that they do not have access to, they will see the "Not Found" page.

Updated about a month ago
