When it comes to managing your team’s access and permissions to cloud environments, it’s important to grant the right permissions to your users—no less and no more than they need. Different teams can require different levels of access, for example cloud budget managers and users will require different permissions than the DevOps engineers who are operating and managing the cloud on a daily basis. Managing different users and teams, however, can add overhead, especially when there are multiple teams.
Spot by NetApp customers have been using our existing user management to make sure users in each group have the access they need. After a lot of positive customer feedback, we’ve added new capabilities and we’re now excited to launch a new user management system that provides users with even more tools to better manage and control access to the cloud.
To give a more holistic point of view of users that are associated with operating and managing cloud environments, the new user management system has shifted from account view into an organizational view, and now combines both Console and Programmatic access types.
Through the user management system, you can simply attach the right permissions to users with predefined ‘Spot Managed’ policies, or you can create a custom policy using the intuitive UI.
Groups
One of the biggest changes that Spot customers will notice is the ability to associate users into groups. This feature allows you to combine users together and manage their permissions all at once. The users in the group will inherit the group permissions.
It’s possible to have a single user span multiple groups, and it is also possible to directly assign a permission policy to a specific user in addition to those inherited from the group.
Permission enforcement is managed according to the following logic:
Permissions Policies
Spot offered a few predefined policies in the past including admin, viewer and editor, which are now formalized as ‘Spot Managed Policies’, along with additional policies that can be assigned to users or groups. Policies have been separated into account and organization types to easily distinguish between different types of services. It’s also possible to customize your own policy using the intuitive UI. Simply select the right services and actions, the effect (allow / deny) and you are ready to assign this policy to users or groups. You can also switch to JSON view and edit to create more advanced policies.
To read more about our new User Management System please visit our documentation page here.