User Management
- 08 Jun 2021
- 2 Minutes To Read
- Contributors
- Print
- Dark modeLight
- PDF
User Management
- Updated On 08 Jun 2021
- 2 Minutes To Read
- Contributors
- Print
- Dark modeLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Serverless360 lets organisations manage their Azure resources, those constitute their Line of Business. As an organisation you can add any number of their employees as users to your Serverless360 account, to manage the associated resources. Employees using Serverless360 should be provided with exact permission they need. Too many permissions can expose an account to security violations. Insufficient permissions mean that your employees can’t get their work done efficiently. User access policy with custom role capability helps address this problem of offering fine-grained access management for Serverless360.
User Roles
Serverless360 Private Hosting authenticates your organization users using your Azure Active Directory (AD). Users can be managed through the User Management feature under Settings module in Serverless360. New user can be assigned a role to define access control. The following table provides brief descriptions of the built-in roles:
| Role | Description | CAN | CAN'T |
|---|---|---|---|
| Administrator | As an account owner, you have full control over the application including access to licensing | Creates and manages all resources, Invite Users to the account, Switch Account ownership to other Super User, Perform License Activation and Deactivation | - |
| Super User | Will have access to the whole application except licensing | Creates and manages all resources, Invite Users to the account | Manage license |
| Normal User | Will not have access to Settings | Create and manage all associated entities | Can’t access Setting module that includes: Service Principal management, User Management, License Management, Event Logs |
Use Case
Consider a business scenario, where the requirement is to provide Read-Only permission on a set of composite applications to a specific set of users. In this scenario, you can create a custom role definition along with the predefined roles.
- Click 'Add Role' in the User Management screen
- Enter a 'Role Name' and 'Role Description'
- Select the Composite Applications that should be accessible to this role
- Define Overall permission, applicable on the selected Composite Applications and its associated entities:
- Read Only- can view
- Manage - can manage
- Define permissions on 'Operations'
- Retrieve Message - Can view the message list and system properties
- Access Message Content - Can access message details like Custom Properties and Message body
- Process Message - Can perform message operations like defer, resubmit, repair & resubmit and delete the message
- Define permissions on 'Monitoring'
- 'View Alert History' -Can view the alert histories of the monitors already created
- 'Manage' - Can manage monitors
Define the permission on Technology Stack, explicitly for Service Bus, Logic Apps, and Azure Functions to permit CRUD operations on the associated entities. Choosing
- Read Only - can view associated entities
- Manage - can perform CRUD operation on the associated entities
- Select View or Download option on Governance & Audit
Additional Pointers
Serverless360 custom role can be leveraged to:
Restrict users to hold:
- read-only or manage access to a selected Composite Applications (Logical group of Azure resources)
- read-only or manage access to a specified Technology stack (Service Bus, Logic App, Azure Function etc)
- permission only to Process Messages on entities associated within a Composite Application
- permission only to perform a specified action like View and Download Governance and Audit report
- as the business scenario demands
Define custom permissions to a group of users
Was this article helpful?
