Overview of the Permissions Model
The application includes a multi-level access control system that defines user roles and permissions. Each level of the hierarchy supports three roles: admin, developer, and guest, covering the main user types and their tasks.
Key Roles
- Admin:
A role with full permissions, providing unlimited control and configuration options. Suitable for users who require access to all features within their scope of responsibility. - Developer:
A role with some restrictions, intended for users focused on developing and managing projects but without access to administrative settings. - Guest:
A role with the lowest access level, designed for viewing content or basic information with very limited actions.
Role Assignment Rules
- Automatic Admin Assignment:
When a user creates an object at any level, they are automatically assigned the admin role for that object. - Mandatory Administrator Presence:
Every object must have at least one administrator. If the last administrator wants to step down, they must assign another user as an administrator first.
Key Advantages of the Model
- Continuity: Ensures objects are never left unmanaged.
- Flexibility: Supports varying user responsibilities and tasks.
- Security: Provides clear control over access permissions.
This intuitive model streamlines access management while balancing flexibility, security, and simplicity across all application levels.
Roles and Responsibilities at Each Level
Provider Level
At the provider level, users can freely create organizations without any restrictions. This level does not involve access control since every user can initiate the creation of a new organization as needed.
A provider represents a cloud platform, from which one of the available options can be selected: Microsoft Azure, Amazon Web Services, or Google Cloud Platform. The choice of provider is made in the far-left part of the application interface, making the selection process intuitive and user-friendly.
Organization and Sub-Organization Levels
At the organization level, a narrower scope of data and operations related to a specific organization is managed. Roles within organizations and sub-organizations (suborganization) allow for delegated management, task distribution among developers, and access restrictions for guests.
Project Level
At the project level, management is focused on carrying out specific tasks or implementing individual initiatives. Here, developer roles (developer) are especially important, as they have access to functionality related to development, testing, and deployment. Guests (guest) are limited to viewing content and performing minimal actions based on the administrator's settings.
Role Management Workflow
Role management is carried out through a user-friendly interface. To change a user's role, the administrator must:
- Click the three dots to the right of the desired instance.
- Select Permissions from the dropdown menu.
This will open a modal window where the administrator can:
- Add new users:
- At the organization level, adding new users is not restricted.
- At the suborganization and project levels, only users who already have a role at a higher level can be added.
- Change the roles of existing users.
- Remove existing roles from users.
This process simplifies access management, maintaining security control and ensuring all actions comply with established rules.
