There are two types of users that a Manager user can create. Depending on the permissions you assign to the role, you could categorize the users as follows:
All privileges: The user has all the privileges in CloudView except creating and managing other users.
Reader privileges: A user with the Reader role can only view the data displayed in the CloudView module.
There are two ways to configure access for users:
- Direct scope definition for user
When you define scope for a sub user, you could directly select the connectors for every Cloud Provider and associate it with the sub user. The sub user can then access all the connectors defined in the scope for the sub user.
In the Access Management tab, select the user and select Manage Access from the quick action menu. Click the Add Accounts link for the specific Cloud Provider, select the connector, and click Save.
You can select multiple connectors from multiple cloud providers as well.
For AWS, you can select the connector and region as well.
- Using groups
Use connector groups to configure connector access for a sub user.
By default, the sub user can access all connectors, because no group is assigned to any user. Assign a group to a user to provide or restrict access to the connectors associated with the group.
Navigate to the Configuration tab and then to the Cloud Provider (AWS, Azure, or GCP) for which you want to create connector groups.
Choose the connector for which you want to configure access and click Assign Group from the quick action menu.
Type a name for the group, click Create, and then click Save.
A user with all privileges is able to perform all functions and access all connectors by default. If you want to restrict the access to a single connector, create a connector group and assign it to the user. The user can then access only the single connector associated with the assigned group.
To configure access to multiple connectors, assign a common group to all such connectors and associate it with the required users.
To view the list of connectors grouped together for a single cloud provider, simply click the Group by option.
Alternatively, you could use a search token, and the search result lists all the connectors for a cloud provider associated with the group.
Consider a user whose direct scope definition conflicts with the access assigned through groups. In such cases, the direct scope takes precedence, and the user can access the connectors defined directly in the user's scope.
Let us consider two different examples to understand the conflicts better.
Case 1: A user is assigned a group named AWS_important that includes access to two AWS connectors. Also, the user has been directly assigned access to five other AWS connectors. In such a case, the user is able to access all seven connectors.
Case 2: A user is assigned a group that includes none of the connectors. In such a case, the user cannot access any connector.
However, if the same user is directly assigned connectors through scope definition, the user can access the connectors that are directly assigned.
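The resolution rules above can be modelled to review assignments for least privilege. This is an added example, not CloudView code or a CloudView API: the class, function, and connector names are hypothetical, the sample data is constructed, and the handling of a direct scope with no group assigned is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class SubUser:
    name: str
    groups: set = field(default_factory=set)        # connector groups assigned to the user
    direct_scope: set = field(default_factory=set)  # connectors picked via Manage Access

def group_connectors(user, group_members):
    """Union of the connectors in every group assigned to the user."""
    out = set()
    for g in user.groups:
        out |= group_members.get(g, set())
    return out

def effective_connectors(user, group_members, all_connectors):
    """Connectors the sub user can reach under the rules in this section."""
    if not user.groups:
        # Page default: no group assigned means every connector is reachable.
        # Assumption: a direct scope with no group limits access to that scope.
        return set(user.direct_scope) or set(all_connectors)
    # Direct scope is honoured in addition to the group result (Case 1, Case 2).
    return group_connectors(user, group_members) | user.direct_scope

def audit(users, group_members, all_connectors):
    """Return {name: finding} for assignments a reviewer should look at."""
    findings = {}
    for u in users:
        if not u.groups and not u.direct_scope:
            findings[u.name] = "default: all connectors"
        elif not effective_connectors(u, group_members, all_connectors):
            findings[u.name] = "no connector access"
        elif u.groups and u.direct_scope - group_connectors(u, group_members):
            findings[u.name] = "direct scope widens group restriction"
    return findings

# Constructed sample data (connector names are placeholders).
ALL_CONNECTORS = {f"aws-{i}" for i in range(1, 9)}
GROUPS = {"AWS_important": {"aws-1", "aws-2"}, "empty_group": set()}
USERS = [
    SubUser("case1", {"AWS_important"}, {f"aws-{i}" for i in range(3, 8)}),
    SubUser("case2", {"empty_group"}),
    SubUser("case2_scoped", {"empty_group"}, {"aws-8"}),
    SubUser("new_user"),
]

if __name__ == "__main__":
    for u in USERS:
        print(u.name, sorted(effective_connectors(u, GROUPS, ALL_CONNECTORS)))
    print(audit(USERS, GROUPS, ALL_CONNECTORS))
```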