DigitalOcean home
  • Droplets
  • Spaces
  • Kubernetes
  • Tools & Integrations
  • One-click Apps
  • API Documentation
  • Community
  • Tutorials
  • Q&A
  • Projects
  • Meetups
  • Customers
  • Pricing
  • Docs
  • Support
  • DigitalOcean home
  • Products
    • Droplets

      Scalable compute services.

    • Spaces

      Simple object storage.

    • Kubernetes

      Run managed Kubernetes clusters.

    • Tools & Integrations

      Automate your infrastructure.

    • One-click Apps

      Deploy pre-built applications.

    • API Documentation
  • Customers
  • Community
    • Community Overview

      Connect, share and learn

    • Tutorials

      DevOps and development guides

    • Questions & Answers

      Development and systems Q&A

    • Projects

      Community-built integrations

    Get Involved
    Write for DOnations
    Join us at a Meetup
    Featured Post
    An Introduction to Kubernetes

    by Justin Ellingwood

  • Pricing
  • Docs
  • Support
    • Documentation

    • Contact Support

    • Network Status

  • Home /
  • DO-I-1198 /
  • New idea
50 Vote

Team accounts with fine grain control

Continuing from http://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/3981054-allow-team-accounts, that is great for multiple developers.

However, I would like to set a billing contact from our finance department who is not a developer and I don't want to give access to anything but billing.

As well as that, I am sure there are other use cases were a team lead might want to do one of the following:
- restrict access to certain servers to certain users
- or have an infrastructure employee restrict dev servers to developers, staging servers to devs and testers, and then prod/live to minority of devs, for example

Sum up:
- Ability to assign finance, infra (for downtime, maintenance work etc.), account super admin users with different abilities.
- Ability to assign a users to a account group.
- Ability to restrict droplets to certain users or user groups, and then that users abilities can be view, edit/view, or all access.

Thanks!

  • C
  • Sep 11 2018
  • Future consideration
Accounts
  • Comments (8)
  • Votes (50)
  • Merged ideas (10)
  • Attach files
  • Benoit Maisonny commented
    15 Jun, 2020 07:20am

    Slightly different but still related to fine-grained access control: I'd like to define custom roles for which I would disable editing some parts of the control panel, such as the firewall.

    ×

    Attachments Open full size

  • Bruno Magalhães commented
    5 Dec, 2019 07:19pm

    At least limit users per projects.

    ×

    Attachments Open full size

  • Arcadina commented
    11 Sep, 2018 04:49pm

    An accounting permission will be appreciated, to enable only a certain users to access billing information. Thanks.

    ×

    Attachments Open full size

  • Julien Meunier commented
    11 Sep, 2018 04:49pm

    What is really needed is the ability to control permissions for each team member on a per-droplet basis. My MAJOR concern now, before I can start using the team feature, is the ability for my team members to DESTROY droplet. I just can't give this permission...

    To summurize:

    - Ability to control which team member has access to each droplet
    - Ability to control whether a member can or CANNOT destroy a droplet
    - Ability enable / disable the creation of new droplets for each team member

    Without these, I unfortunately can't use the team feature.

    ×

    Attachments Open full size

  • Safeharbour commented
    11 Sep, 2018 04:49pm

    Hi guys, we have something that may be of use to the rest of the DO community:
    https://www.youtube.com/watch?v=mM3967R9eYw,
    its called SafeHarbour Buoy, and should be able to address fine grained control and
    collaboration with contractors.

    ×

    Attachments Open full size

  • Anonymous commented
    11 Sep, 2018 04:49pm

    Related to Team Accounts but permit members to have access to accouning/billing etc info as determined by account holder.

    ×

    Attachments Open full size

  • Phil commented
    11 Sep, 2018 04:49pm

    It could look like the domain name system : technical contact, admin contact, billing contact, owner…

    ×

    Attachments Open full size

  • Fardin K. commented
    11 Sep, 2018 04:49pm

    At out scale, we don't need permissions per droplet; but I am concerned with the level of access a biller has. Adding another level (e.g. manager) would also be nice, accompanying a more limited access for developers (i.e. no destroy droplet or remove snapshot or back up permissions).

    Anyways a permission based system seems to be in order :)

    ×

    Attachments Open full size

  • 3 Vote

    Allow team members to only certain DNS records Merged

    Would love to have control over which dns entry can team members edit. This can avoid some ill intention or mistakes.
    Created 11 Sep 04:49pm by Firdouss Ross Rosli
    Accounts
    0 Future consideration
  • 4 Vote

    RBAC Merged

    Role based access control One should be able to create subaccounts and give access to different servers.
    Created 11 Sep 07:00pm by Boian Mihailov
    Accounts
    0 Future consideration
  • 7 Vote

    Team Members Merged

    I would like to see a feature that limits the team members to a specific droplet that they are working on.
    Created 11 Sep 04:41pm by Jon
    Accounts
    0 Future consideration
  • 5 Vote

    Custom Roles with permissions Merged

    Allow to add custom roles with permissions. Something like: Admin: Will have permissions to manage droplets, billing and support. Billing: Will have permissions to billing only, and support. Dev: Will have permissions to see metrics and droplet ...
    Created 11 Sep 03:59pm by Anonymous
    Accounts
    1 Future consideration
  • 3 Vote

    Additional roles Merged

    The big request to developers to make improvements and add additional functions setting user roles in your account. Whatever it was possible to manually create different rules for my team (and on russian language) Большая просьба к разработчик...
    Created 11 Sep 04:16pm by Anonymous
    Accounts
    0 Future consideration
  • 4 Vote

    Give option for team admin to restrict Droplet creation/resizing/destroying capabilities of a member Merged

    Consider I want to manage billing of clients account. I can create a team for him and give him privileges to manage dns and one or more specific droplets. But since billing is from my creditcard, as a team admin I must be able to restrict certain ...
    Created 11 Sep 04:15pm by Robin
    Accounts
    0 Future consideration
  • 3 Vote

    User groups and ACL on Projects Merged

    I would like to be able to create user groups, and assign members of my team to those groups, eg "Junior Devops" group.Also i would like to be able to allow access to certain Projects in my team to certain user groups. eg "Junior Devops" group can...
    Created 10 Mar 04:10pm by Giannis Sialmas
    Accounts
    0 Future consideration
  • 3 Vote

    Differente Teams view and permissions Merged

    It would be very nice to have the option give some teams a restrict view of our account(s). Example: Give the financial team to only see and manage financial information like invoices, payments made, change e-mail where the invoice is sent to, etc.
    Created 11 Sep 03:51pm by Helio Campos Mello de Andrade
    Accounts
    0 Future consideration
  • 7 Vote

    More control over permissions for Team Members Merged

    Would be great to more control over permissions when you invite someone to your team. For example: View only Access to specific droplet(s) What permission they have within the droplet(s) - view, resize, destroy, create backups/snapshots, etc....
    Created 19 Oct 08:47am by Guest
    Accounts
    0 Future consideration
  • 8 Vote

    Add ACL Support Merged

    Would love to see some sort of ACL functionality. Would be great to allow different users access to droplets, permission to add droplets, etc, on a per user basis. Obviously a more complicated example of this is AWS's IAM. For Digital Ocean to b...
    Created 11 Sep 06:06pm by Brad Berger
    Accounts
    1 Future consideration
Log in / Sign up

Identify yourself with your email address

Subscribe

You won't be notified about changes to this idea.

Related ideas

DigitalOcean home

© 2018 DigitalOcean, LLC. All rights reserved.
Proudly made in NY

  • Twitter
  • Facebook
  • Instagram
  • YouTube
  • LinkedIn
  • Glassdoor
Company
About
Leadership
Blog
Careers
Partner Network
Referral Program
Events
Press
Legal & Security
Products
Droplets
Spaces
Kubernetes
Tools & Integrations
One-click Apps
API
Pricing
Documentation
Release Notes
Community
Tutorials
Meetups
Q&A
Write for DOnations
Droplets for Demos
Hatch
Shop Swag
Research Program
Currents Research
Open Source
Support
Contact Support
FAQ
Network Status