Overview of roles on all levels
Level | Role | Used by | Purpose |
---|---|---|---|
Customer area | Reader | All customer area members. | Grants read-only access to the customer area. Basic role to access the customer area. |
Customer area | User | All customer area members. This is assigned automatically when a person joins any project. | Grants read-only permissions to get into the proper customer area and the ability to create own project. |
Customer area | Admin | Customer key persons | Grants ability to add/remove users in customer area (usually removing is used when an employee is leaving the company). Can promote others to become admins. Cannot do anything with owner role and cannot touch any user that has owner role. Customer area admins/owners and portal admins can see all projects even without being members of them (use the toggle button LOAD MORE PROJECTS to see all of the customer's projects or only the projects the user is a member of). |
Customer area | Owner | Customer key persons | Grants ability to change roles for users + approval capabilities (buying licenses, approving raising of resources limits). Customer area admins/owners and portal admins can see all projects even without being members of them (use the toggle button LOAD MORE PROJECTS to see all of the customer's projects or only the projects the user is a member of). |
Customer area | Billing | Company accountants, ICT managers | Grants access to billing capabilities and details. |
Project | Reader | All project members. | Grants read-only access to the portal project. Basic role to access the portal project. |
Project | User | Usually standard users | Grants ability to add/remove servers. |
Project | Admin | Usually senior or lead team members | Grants ability to add/remove servers and SaaS entities (Jira projects, Confluence spaces, Bitbucket repositories). Can promote others to become admins. Cannot do anything with owner role and cannot touch any user that has owner role. |
Project | Owner | Usually project managers | Grants ability to change roles for users + approval capabilities (buying licenses, approving raising of resources limits). |
Project | Billing | Project accountants, project managers | Grants access to billing capabilities and details. |
Application | Reader | Not available for end-users. Granted automatically based on the user's membership of some application entities. | Usually gives the ability to log in to the application and reserves a license where applicable. This is automatically managed by TDS, no actions required from end-users. |
Application | User | Not available for end-users. Granted automatically based on the user's membership of some application entities. | Usually gives the ability to log in to the application + reserves a license where applicable. This is automatically managed by TDS, no actions required from end-users. |
Application | Administrator | Not available for end-users. Used by customer administrators only. | Reserved for customer administrators to be able to manage SaaS applications with partial administrator permission. |
Server | User | Usually standard users | User is added to the server. The user must have an SSH key added to the portal, otherwise you cannot add such a user to servers. |
Server | Admin | Users who need to be granted "sudo" | User is granted sudo. |
Server | Owner | Usually senior or lead team members | User is granted sudo. Owner can manage the server and its users. |
Application entities | Reader | Usually project customers, collaborators or for example employees with access to some shared documentation. This role is granted automatically to any new member of the entity. | Usually grants read-only access and comments to a particular entity (differs by application type). Basic access to the entity. |
Application entities | User | Roughly 90% of users - developers, technical specialists... | Read-write access to a particular entity (differs by application type). |
Application entities | Admin | Usually senior developers, project managers. | Managing various stuff in an entity (differs by application type). |
Configuration of user management events
This chapter was formerly known as: Mass user management
It is about the configuration of the default action when adding or inviting new project members or managing user roles on project level, and about what happens when user roles are changed: whether the changes are reflected or not.
By default it is disabled in each new project. However, owners can enable/disable "Add project users to all services by default" for their particular project if needed.
This setting can be easily bypassed each time a new person is added by using the switch called "Add to all SaaS Services".
Changes made on higher levels are reflected on lower levels. For example, if the admin role is removed from a user on project level, the admin role is automatically removed on all lower levels (Application entities, Servers) as an effect of this functionality.
Removing a user from a portal project always removes this user from all servers and SaaS services within the project to satisfy security requirements.
Admin/Owner role for Customer Area
Customer area admins/owners and portal admins now have the possibility to see all projects even without being members of them.
Toggle button - to see all of the customer's projects or only the projects the user is a member of.
A CA admin is able to manage a project without membership the same way a portal admin is currently able to do.
When a CA admin clicks on any user, they have the ability to:
- see projects that the user is member of (projects are collapsible)
- show all entities (even if the user is not a member of them)
- quickly manage the user's roles
- administer a bunch of various projects centrally
Click on the Project Name to show the Application and Services list (the current status set for that user).
Click on the Application and Service list to show the Entities names and what role the user has there.
User default role in Company and Project
An option was added to define the default User Role on Customer Area (CA) and Project level in the TDS portal. How to set up a default role:
- Go to Project details
- Click edit
- Scroll down the menu and set the default role (reader, user, admin, owner, etc.)
A combination of several roles as the default role (for example admin+billing) is not possible.
The default role on CA level is not inherited by the default role on project level. Every newly created project has "User" as its default role, and you can change it later.
CSV import or invitation
This functionality works only in certain customer environments and setups which must match multiple conditions to be properly integrated.
Before a user can be granted access to a particular project and services (Jira and Confluence), their account must first be created.
A user account can be created in 2 ways:
- CSV import - you must send an email/ticket to the support team with a list of users in the format "username,email,FirstName,LastName" and with information about the expected roles and projects/areas.
- In some environments users can be invited even if they do not exist in the portal. They must finish the signup process by following the instructions from the email. If the email is not delivered to them, it is most likely because integration with customer systems was not possible. In that case you have to use the CSV import option.
User can be granted access on a few levels:
- TDS CA/Company users (Level 1)
- TDS Project users (Level 2)
- TDS SaaS Service, Server or Application users (Level 3)
A user can be invited to CA/Company by sending an invitation to the user's email.
User can be added to Level 2 only when the user is already in Level 1.
User can be added to Level 3 only when the user is already available in Level 2.
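The level rules above, together with the server role's SSH key requirement and the rule that removal from a project removes all lower-level access, can be checked against a membership snapshot. The following is an added example, not code from TDS; the snapshot layout, the names and the sample data are assumptions constructed for illustration.

```python
# Added example: audit a membership snapshot against the portal's level rules.
# The snapshot layout is an assumption; the portal's export format is not shown on this page.
from dataclasses import dataclass, field

@dataclass
class Snapshot:
    ca_members: set          # Level 1: customer area / company members
    project_members: dict    # Level 2: project -> set of users
    resource_members: dict   # Level 3: (project, resource) -> set of users
    servers: set = field(default_factory=set)   # Level 3 resources that are servers
    ssh_keys: set = field(default_factory=set)  # users with an SSH key in the portal

def audit(snap):
    """Return a sorted list of (rule, user, where) findings."""
    findings = []
    # Level 2 requires Level 1.
    for project, users in snap.project_members.items():
        for user in users - snap.ca_members:
            findings.append(("L2-without-L1", user, project))
    for (project, resource), users in snap.resource_members.items():
        members = snap.project_members.get(project, set())
        where = f"{project}/{resource}"
        for user in users:
            # Level 3 requires Level 2; also catches access left behind
            # after a user was removed from the project.
            if user not in members:
                findings.append(("L3-without-L2", user, where))
            # Server users must have an SSH key added to the portal.
            if (project, resource) in snap.servers and user not in snap.ssh_keys:
                findings.append(("server-user-without-ssh-key", user, where))
    return sorted(findings)

# Constructed sample data (hypothetical users, projects and resources).
SAMPLE = Snapshot(
    ca_members={"alice", "bob", "carol"},
    project_members={"webshop": {"alice", "bob"}, "intranet": {"carol", "dave"}},
    resource_members={
        ("webshop", "jira"): {"alice", "bob"},
        ("webshop", "build-01"): {"alice", "carol"},
        ("intranet", "confluence"): {"carol"},
    },
    servers={("webshop", "build-01")},
    ssh_keys={"alice"},
)

if __name__ == "__main__":
    for rule, user, where in audit(SAMPLE):
        print(f"{rule:28} {user:8} {where}")
```

An empty result means every Level 3 membership is backed by Level 2, every Level 2 membership by Level 1, and every server user has an SSH key.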
TDS User Directory (LDAP) is used to keep the user's personal data assigned to CA/Company and user's projects.
Additionally, a list of all TDS users is available in the Admin section.
By pressing the button, a user can invite another user to TDS CA/Company (Level 1) by entering the user's email in the invitation dialogue and pressing the INVITE button. Invitations are valid for a limited time (default is 72 hours). Valid unused invitations can be viewed on the Invitations page.
Adding/Removing users
The Users page shows the list of users connected with this Project. The project owner or admin can add already existing users to a Project using the button. If the user is not in Customer area then he/she can be invited directly from the add user modal window (as described above). Self-invitation is not possible in public TDS. Once the user is granted access to the TDS project, he/she can be found among all project Users.
Once a user is a member of the project, he can be granted user/administrator access to one or more SaaS applications such as JIRA, Confluence, Git, etc.
Project admin/owner can add a user to a particular application using the button available for each application under the left menu tab SaaS. The project owner can edit or remove users by clicking on REMOVE.