User Administration Overview
The ESH user management and RBAC system is one of the core capabilities that sets ESH apart in it's focus on Self Service. It is designed to be able to model any organizational structure in terms of permissions, making it possible to delegate authority for all administrative tasks to appropriate teams wherever they are located.
Access Roles
The following table depicts what activities the various user levels can undertake.
Activity | User | Template Admin | Tenant Admin | Organization Admin |
---|---|---|---|---|
Create Deployments | x | x | x | x |
Create Templates | x | x | x | |
Manage users | x | x | ||
Create Targets | x | x | ||
Audit logs access | x | |||
API Schema access | x | x | ||
Approve Deployments | x | x |
Users are granted access to whichever role suits their role in the ESH ecosystem.
Resource Groups
In addition to their Access Role, a user is granted access to resources via their group allocation. The following resource groups are created by default:
-
Template Tenant Default
The Template default group for a Tenant is created when a Tenant is created. It is a useful starting group for assigning Templates to users in a Tenant.
-
Target Tenant Default
The Target default group for a Tenant is created when a Tenant is created. It is a useful starting group for assigning Targets to users in a Tenant.
Advanced Resource Groups
Additional resource groups can be created to suit the needs of the organization. They grant access to specific resources and the resouces can be removed from the Tenant default groups so only users who are granted the advanced resource group are granted access to the resources.
Below is an example of a resource group for granting access to a subset of Templates to a subset of Targets. Users who are granted this group will only see the resources it grants to them.