You probably didn’t notice yet but yesterday we made our first major update in the City Control Panel. Apart from bug fixes and general adjustments we now launch a much anticipated feature – Multiple users and access groups.
Until today our control panel has been accessible for one user only. Anyone with access to the credentials had access to everything on that particular account. This presented a problem for some of our customers in need of multiple user accounts with different privileges. Some companies don´t feel comfortable allowing all their departments to access their entire City Cloud portfolio and in some cases this has been solved with multiple accounts for multiple purposes. As of yesterday, all City Control Panel accounts can add multiple users and control their privileges. Now it´s easier than ever to grant access to servers, invoices and backup separately.
A truly advanced feature
When we developed this feature we didn’t just enable the ability to add multiple users. This is an advanced feature for controlling virtually all aspects of access to the City Control Panel, allowing the administrator to stay in total control. In addition to adding multiple users we have also made it simple for administrators to control even more aspects of how the users access the City Control Panel with the use of access groups. Read more about the two approaches below.
The administrator of the City Control Panel can add multiple users and grant them different rights. This is perfect for an organization that want to limit single users from using different sections of the control panel. Here are the different privileges and the sections, 1 privilege is applied to 1 section and defines what user “X” can do within that section. The flowchart to the left also shows how privileges can be matched.
- Full access
- Read only
- No access
- Access Groups*
*Only applicable for “Server Management” section – read more under Access groups below.
- Server management
Everything that has to do with all the servers on that account. Create, delete, clone and manage.
Viewing and paying invoices.
- Backup management
Everything that has to do with all the backup on that account.
- Add new user
Permission to add new users.
Access groups can be created for the specific section “Server Management”. This adds yet another dimension of access control and allows for an administrator to more specifically control what a certain user can do with the company´s servers. In the previous chapter we talked about 3 different privileges and those still apply. However, for the “Server Management” section alone, there is a fourth option called “Access group”.
An access group has the following options that can be turned on or off.
- List/view servers
- Create server (cloning included)
- Delete server
- Modify server settings (Change hardware profile, name, storage, interface etc)
- Control servers (Start, stop, pause, resume)
These options can be applied to certain servers by their tags
“List/view servers ONLY if the server is tagged “webserver”
With this feature, the possibility of adding multiple users to one City Control Panel account becomes endless. An administrator can grant access for certain people or groups of people – to all or only certain actions – on all or only certain servers.
How is this useful?
If you ever find the need to limit one specific user to certain tasks, this feature is for you. For instance, you might want your finance department to access and be able to pay the invoices but NOT being able to reach the precious servers. Or you just want certain technicians to manage certain servers. Anyway you want to do it, this feature will do the trick.
By using these features an administrator can create new users with a wide range of privileges. In this example an administrator will allow:
- The financial department to only view and pay invoices
- A technician working on project X to access and manage certain servers
- The administrator creates a user for the financial department and gives that user full access to Invoicing. All other privileges are set to “No Access”.
- The administrator creates an access group called “Project X” and defines the rules for that access group. In this case, the rules are: Full access to all actions related to servers tagged “ProjectX”.
- The administrator creates a user for the technician and adds him/her to the access group “Projext X”. All other privileges are set to “No Access”
This is what happens:
- No access to Server management, Backup management or adding new users
- Full access to Invoicing
In this example, the financial department has an account to access the City Control Panel but when they are logged in, the only thing they can access is information about the created invoices.
Technician working on project “X”
- No access to Usage & Invoicing, Backup Management or Adding new user
- Limited access to Server management since added to the access group “Project X”
This technician can only perform the available actions (create, scale, delete, start, stop etc) on servers tagged “ProjectX”.