Continuing from http://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/3981054-allow-team-accounts, that is great for multiple developers.
However, I would like to set a billing contact from our finance department who is not a developer and I don't want to give access to anything but billing.
As well as that, I am sure there are other use cases were a team lead might want to do one of the following:
- restrict access to certain servers to certain users
- or have an infrastructure employee restrict dev servers to developers, staging servers to devs and testers, and then prod/live to minority of devs, for example
Sum up:
- Ability to assign finance, infra (for downtime, maintenance work etc.), account super admin users with different abilities.
- Ability to assign a users to a account group.
- Ability to restrict droplets to certain users or user groups, and then that users abilities can be view, edit/view, or all access.
Thanks!
Slightly different but still related to fine-grained access control: I'd like to define custom roles for which I would disable editing some parts of the control panel, such as the firewall.
Attachments Open full size
At least limit users per projects.
Attachments Open full size
An accounting permission will be appreciated, to enable only a certain users to access billing information. Thanks.
Attachments Open full size
What is really needed is the ability to control permissions for each team member on a per-droplet basis. My MAJOR concern now, before I can start using the team feature, is the ability for my team members to DESTROY droplet. I just can't give this permission...
To summurize:
- Ability to control which team member has access to each droplet
- Ability to control whether a member can or CANNOT destroy a droplet
- Ability enable / disable the creation of new droplets for each team member
Without these, I unfortunately can't use the team feature.
Attachments Open full size
Hi guys, we have something that may be of use to the rest of the DO community:
https://www.youtube.com/watch?v=mM3967R9eYw,
its called SafeHarbour Buoy, and should be able to address fine grained control and
collaboration with contractors.
Attachments Open full size
Related to Team Accounts but permit members to have access to accouning/billing etc info as determined by account holder.
Attachments Open full size
It could look like the domain name system : technical contact, admin contact, billing contact, owner…
Attachments Open full size
At out scale, we don't need permissions per droplet; but I am concerned with the level of access a biller has. Adding another level (e.g. manager) would also be nice, accompanying a more limited access for developers (i.e. no destroy droplet or remove snapshot or back up permissions).
Anyways a permission based system seems to be in order :)
Attachments Open full size