Team accounts with fine grain control
Continuing from http://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/3981054-allow-team-accounts, that is great for multiple developers.
However, I would like to set a billing contact from our finance department who is not a developer and I don't want to give access to anything but billing.
As well as that, I am sure there are other use cases were a team lead might want to do one of the following:
- restrict access to certain servers to certain users
- or have an infrastructure employee restrict dev servers to developers, staging servers to devs and testers, and then prod/live to minority of devs, for example
Sum up:
- Ability to assign finance, infra (for downtime, maintenance work etc.), account super admin users with different abilities.
- Ability to assign a users to a account group.
- Ability to restrict droplets to certain users or user groups, and then that users abilities can be view, edit/view, or all access.
Thanks!
-
C
- Sep 11 2018
- Future consideration
-
Allow team members to only certain DNS records Merged
Would love to have control over which dns entry can team members edit. This can avoid some ill intention or mistakes.0 Future consideration
-
RBAC Merged
Role based access control One should be able to create subaccounts and give access to different servers.0 Future consideration
-
Team Members Merged
I would like to see a feature that limits the team members to a specific droplet that they are working on.0 Future consideration
-
Custom Roles with permissions Merged
Allow to add custom roles with permissions. Something like: Admin: Will have permissions to manage droplets, billing and support. Billing: Will have permissions to billing only, and support. Dev: Will have permissions to see metrics and droplet ...1 Future consideration
-
Additional roles Merged
The big request to developers to make improvements and add additional functions setting user roles in your account. Whatever it was possible to manually create different rules for my team (and on russian language) Большая просьба к разработчик...0 Future consideration
-
Give option for team admin to restrict Droplet creation/resizing/destroying capabilities of a member Merged
Consider I want to manage billing of clients account. I can create a team for him and give him privileges to manage dns and one or more specific droplets. But since billing is from my creditcard, as a team admin I must be able to restrict certain ...0 Future consideration
-
User groups and ACL on Projects Merged
I would like to be able to create user groups, and assign members of my team to those groups, eg "Junior Devops" group.Also i would like to be able to allow access to certain Projects in my team to certain user groups. eg "Junior Devops" group can...0 Future consideration
-
Differente Teams view and permissions Merged
It would be very nice to have the option give some teams a restrict view of our account(s). Example: Give the financial team to only see and manage financial information like invoices, payments made, change e-mail where the invoice is sent to, etc.0 Future consideration
-
More control over permissions for Team Members Merged
Would be great to more control over permissions when you invite someone to your team. For example: View only Access to specific droplet(s) What permission they have within the droplet(s) - view, resize, destroy, create backups/snapshots, etc....0 Future consideration
-
Add ACL Support Merged
Would love to see some sort of ACL functionality. Would be great to allow different users access to droplets, permission to add droplets, etc, on a per user basis. Obviously a more complicated example of this is AWS's IAM. For Digital Ocean to b...1 Future consideration
Related ideas
Slightly different but still related to fine-grained access control: I'd like to define custom roles for which I would disable editing some parts of the control panel, such as the firewall.
Attachments Open full size
At least limit users per projects.
Attachments Open full size
An accounting permission will be appreciated, to enable only a certain users to access billing information. Thanks.
Attachments Open full size
What is really needed is the ability to control permissions for each team member on a per-droplet basis. My MAJOR concern now, before I can start using the team feature, is the ability for my team members to DESTROY droplet. I just can't give this permission...
To summurize:
- Ability to control which team member has access to each droplet
- Ability to control whether a member can or CANNOT destroy a droplet
- Ability enable / disable the creation of new droplets for each team member
Without these, I unfortunately can't use the team feature.
Attachments Open full size
Hi guys, we have something that may be of use to the rest of the DO community:
https://www.youtube.com/watch?v=mM3967R9eYw,
its called SafeHarbour Buoy, and should be able to address fine grained control and
collaboration with contractors.
Attachments Open full size
Related to Team Accounts but permit members to have access to accouning/billing etc info as determined by account holder.
Attachments Open full size
It could look like the domain name system : technical contact, admin contact, billing contact, owner…
Attachments Open full size
At out scale, we don't need permissions per droplet; but I am concerned with the level of access a biller has. Adding another level (e.g. manager) would also be nice, accompanying a more limited access for developers (i.e. no destroy droplet or remove snapshot or back up permissions).
Anyways a permission based system seems to be in order :)
Attachments Open full size