A user of CloudReady deals with three main resource types:
Organization accounts can have multiple users, so an access control mechanism is needed to authorize users’ interactions with these resources. CloudReady supports role- and team-based access control via Org Roles, Teams and Team Roles.
A role determines the level of access a user has to a set of resources. It can allow different levels for different resource types, for example only allowing view rights to sensors but create and delete for alarms.
The set of resources that the role applies to is either everything in the organization (for an Org Role) or a configurable subset of resources which make up a Team (for a Team Role). You can think of an Organization as a predefined Team that includes all resources and all users.
Currently CloudReady has a predefined fixed set of Org Roles:
In this article, the generic term “admin” refers to a user with the Admin or Owner Org Role (Org Admin, Org Owner). The person who creates the account becomes an Org Owner. They can add users to the organization, giving each an Org Role. Org Admins can also add users but cannot make them Org Owners.
An Org Role applies to all resources in the org, which enables coarse-grained (allow edit on all sensors or none) role-based access control. For more fine-grained control, Teams can grant groups of users a certain level of access (specified by their Team Role) to subsets of resources.
Team Roles are a subset of Org Roles that make sense for a team context:
A Team is a grouping of users and resources. Each member (user) has a Team Role, which determines the level of access they have to the resources in the Team. Teams are administered by admins, who can:
Sites added to a team automatically include all their present and future sensors, and sensors automatically include all their present and future alarms.
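The inclusion rule above determines what a Team Role actually reaches, so it is worth modelling when reviewing team scope. The following is an added example, not CloudReady code: the role `ALARM_MANAGER`, the resource identifiers and the parent map are hypothetical, Org Roles are left out, and it assumes inclusion flows only downward (site to sensor to alarm).

```python
from dataclasses import dataclass, field

# Hypothetical role: allowed actions per resource type (illustrative only,
# not one of CloudReady's predefined roles).
ALARM_MANAGER = {"site": {"view"}, "sensor": {"view"},
                 "alarm": {"view", "create", "delete"}}

# Constructed inventory: child resource -> parent resource.
PARENT = {
    "sensor:lobby": "site:hq",
    "alarm:lobby-latency": "sensor:lobby",
    "sensor:lab": "site:branch",
    "alarm:lab-loss": "sensor:lab",
}

@dataclass
class Team:
    resources: set = field(default_factory=set)  # explicitly added resources
    members: dict = field(default_factory=dict)  # user -> Team Role mapping

def in_team(team, resource, parent=PARENT):
    """True if the resource, or any ancestor of it, was added to the team."""
    seen = set()
    while resource is not None and resource not in seen:
        if resource in team.resources:
            return True
        seen.add(resource)  # guard against a malformed, cyclic parent map
        resource = parent.get(resource)
    return False

def team_allows(team, user, action, resource, parent=PARENT):
    """Team-level decision only: membership, scope, then per-type action."""
    role = team.members.get(user)
    if role is None or not in_team(team, resource, parent):
        return False
    rtype = resource.split(":", 1)[0]
    return action in role.get(rtype, set())

# The team holds one whole site and one individual sensor from another site.
team = Team(resources={"site:hq", "sensor:lab"},
            members={"alice": ALARM_MANAGER})
```

Because scope is resolved through the parent chain at decision time, a sensor later created under `site:hq` is in the team without any change to the team itself, which is the behaviour to keep in mind when adding a site rather than individual sensors.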
A typical use-case would be: