User Security

OneCloud gives administrators the power to control user security with a high degree of granularity. Users can be allowed to access (or prevented from accessing) workspaces, environments, and chains.

Default Group

When a user is invited to OneCloud, they are added to the Default Group. Every user will belong to the default group, so this will act as the baseline permissions for all of your users. You may choose not to assign any permissions to the default group, but know that it changes to this group will apply to all users.

Admin Group

Administrators in OneCloud are allowed full access to any workspace, environment, or chain in OneCloud. In addition, they are the only users allowed to set up connections and
invite others to the platform. See the below section on inviting users, and note that membership in the admin group is what determines if the user is an administrator or not.

Inviting a User

To invite a user to your OneCloud organization, enter the Admin section and select "Users and Groups". Hover over the "+" icon in the bottom right, and click the "Invite users" icon. You'll be taken to a form where you can specify which users to invite to the platform and which user groups to add them to.

When inviting a user, fill in their email and be sure to select which groups they will be added to by using the dropdown on the right. The selected groups will show up below the user's email address. Lastly, there is a checkbox for whether or not the user is configured for single sign-on. To learn more about enabling SSO for your organization, see our Single Sign On (SSO) documentation.

You may invite more than one user at a time by clicking the "+" icon at the top right of the form. Note that your OneCloud license will only include a certain number of "Admin" and "Read and Monitor" (non-admin) users. If you try to invite more users than your license permits, you will receive an error message with the relevant details.

Creating Groups

To create a new user group, enter the Admin section and select "Users and Groups". From here, hover over the "+" icon in the bottom right, and click the "Add Group" icon (see screenshot below).

Setting Permissions

Once you have your groups set up, you'll need to ensure that users in these groups have the power to perform the desired actions. To set permissions on your groups, enter the Admin section and click "Users and Groups". From here, select the "Access" sub-menu. You'll be taken to a page with all of your groups, so select the group for which you want to set permissions.

The next screen will show you a list of your workspaces, and when you click the card containing the relevant workspace, you'll be presented with a list of permissions for that workspace (see screenshot below):

Each checkbox represents a permission level in OneCloud. For workspaces and environments, the permissions (from left to right) are: Read, Edit, Create, and Admin. You'll also notice that when you hover over each checkbox, the permission level will appear as a tooltip.

Permission Levels

All permission levels include the privileges of the previous level. For example, if you had "Admin" access on a workspace, you would also be able to create, edit and view environments within that workspace

Permission Definitions

Read: User can view the relevant object without making any changes
Edit: User can make changes to the relevant object
Create: User can create new objects (i.e. new chains in an environment)
Admin: User has full access (including the ability to delete) to objects

Inheriting Permissions

If permissions are not set at a granular level, they will be inherited from the closest "parent". For example, if you had the "Edit" permission set on a workspace and not on any environments, the user would have permission to edit all of the environments and chains in the workspace.

Workspace Permissions

Before setting more granular permissions, you must choose the group's permission level for the workspace. Once you've selected the appropriate permission, you will be able to set permissions on the environments within this workspace. Workspace permissions are useful for granting broad-strokes access if more detailed permissions are not required, but the real power of OneCloud's user administration is in granting fine-grained access to environments and chains.

Environment Permissions

With workspace permissions established, you may now click a checkbox to select the relevant permission for your environment. Upon selecting this permission, the chains within the environment will appear. Each chain within your environment will have the permission you selected automatically granted. Environment permissions are most useful for restricting users from a production environment, for example.

Removing permissions

To remove a permission, click on the checkbox of the highest permission of the relevant object (note that the lower permission checkboxes will be disabled).

Be careful when removing permissions on workspaces and environments, as removing these will revoke permissions that had previously been set on child objects.

Chain Permissions

Chains have most of the same permission settings as workspaces and environments, with the additional capability of controlling whether or not the user can execute a particular chain. In addition, the "create" permission is not relevant to chains, and is therefore unavailable.

Once you've set your chain permissions, your users will now be restricted at the appropriate levels. Restricted workspaces, environments, and chains will not be visible to these users. If they are provided a link to a workspace, environment, or chain that they do not have access to, they will see the "Not Found" page.

User Security

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.