CloudLabs Identity and Access Management
Overview
This document is designed to help you understand identity and access management for the CloudLabs portal. CloudLabs provides role-based access control (RBAC) roles at different scopes to help you manage who has access to CloudLabs, what they can do with that access, and which areas they can access.
Scopes
The scope is the level at which access applies. When you assign a role, you can further limit the actions allowed by defining a scope. In CloudLabs, you can specify a scope at two levels: tenant or lab.
Tenant: If you have global access at the tenant level, you can make changes globally, which will affect all the labs under the tenant. Global Admin, Global Contributor, and Global Reader are the roles that have access at the tenant level.
Lab: If you have access at the lab level, you can only make changes that affect the particular lab to which you have access. Lab Admin, Lab Contributor, and Lab Reader are the roles that have access only at the lab level.
CloudLabs Roles
The following table outlines the roles and actions available in the CloudLabs portal:
Action | Global Admin | Global Contributor | Global Reader | Lab Admin | Lab Contributor | Lab Reader |
---|---|---|---|---|---|---|
Global Lab Settings | Yes | Read Only | Read Only | No | No | No |
IAM Role - Add, Edit & Remove (Scope - Tenant) | Yes | Read Only | Read Only | No | No | No |
IAM Role - Add, Edit & Remove (Scope - Lab) | Yes | Yes | Read Only | Yes | No | No |
Create Lab | Yes | Yes | Read Only | Yes | No | No |
Edit Lab - Create, Customize & Update Images for Lab | Yes | Yes | Read Only | Yes | Read Only | Read Only |
Edit Lab - Lab Instances - Provision, Start, Stop, Redeploy & Reimage | Yes | Yes | Read Only | Yes | Yes | Read Only |
Edit Lab - Users - Invite, Add & Remove | Yes | Yes | Read Only | Yes | Yes | Read Only |
Edit Lab - Users - Edit Quota | Yes | Yes | Read Only | Yes | Read Only | Read Only |
Edit Lab - Schedules - Add, Edit & Delete | Yes | Yes | Read Only | Yes | Yes | Read Only |
Edit Lab - Setting - Idle Shutdown | Yes | Yes | Read Only | Yes | Read Only | Read Only |
Delete Lab | Yes | No | Read Only | Yes | No | Read Only |
Reports | Yes | Yes | Read Only | Yes | Yes | Read Only |
In the above table, Yes, Read Only, and No describe the permission each role has for an action on the CloudLabs portal within its scope.
Yes means that the role has permission to perform the action.
Read Only means that the role can see the action and its effect but cannot perform it.
No means that the role can neither see nor perform the action.
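The following is an added example, not part of the CloudLabs documentation or product: a small access review that encodes the table above and, for each user, suggests the narrowest role that still covers the actions they need. The abbreviated action names, the `breadth` ranking (lab scope before tenant scope, then fewer grants), and the sample assignments are assumptions made for illustration, and the needs are assumed to concern a single lab.

```python
# Added example: permission matrix transcribed from the table above.
# Columns follow ROLES order; Y = Yes, R = Read Only, N = No.
ROLES = ["Global Admin", "Global Contributor", "Global Reader",
         "Lab Admin", "Lab Contributor", "Lab Reader"]
MATRIX = {  # action names abbreviated from the table rows
    "Global Lab Settings":      "YRRNNN",
    "IAM Role (Tenant scope)":  "YRRNNN",
    "IAM Role (Lab scope)":     "YYRYNN",
    "Create Lab":               "YYRYNN",
    "Edit Lab - Images":        "YYRYRR",
    "Edit Lab - Lab Instances": "YYRYYR",
    "Edit Lab - Users":         "YYRYYR",
    "Edit Lab - Edit Quota":    "YYRYRR",
    "Edit Lab - Schedules":     "YYRYYR",
    "Edit Lab - Idle Shutdown": "YYRYRR",
    "Delete Lab":               "YNRYNR",
    "Reports":                  "YYRYYR",
}
LEVEL = {"N": 0, "R": 1, "Y": 2}

def allows(role, action, need):
    """True if `role` holds at least `need` ('R' or 'Y') on `action`."""
    granted = MATRIX[action][ROLES.index(role)]
    return LEVEL[granted] >= LEVEL[need]

def breadth(role):
    """Assumed ranking: tenant scope outranks lab scope, then total grants."""
    col = ROLES.index(role)
    total = sum(LEVEL[row[col]] for row in MATRIX.values())
    return (role.startswith("Global"), total)

def least_privileged(needs):
    """Narrowest role covering every {action: 'R'|'Y'} in `needs`, or None."""
    fits = [r for r in ROLES if all(allows(r, a, n) for a, n in needs.items())]
    return min(fits, key=breadth) if fits else None

def audit(assignments):
    """Return (user, current, suggested) where a narrower role would suffice."""
    findings = []
    for user, current, needs in assignments:
        suggested = least_privileged(needs)
        if suggested and breadth(suggested) < breadth(current):
            findings.append((user, current, suggested))
    return findings

# Constructed sample assignments: (user, assigned role, actions actually needed)
SAMPLE = [("alice", "Global Admin", {"Edit Lab - Schedules": "Y"}),
          ("bob", "Lab Contributor", {"Reports": "Y"})]
```

Running `audit(SAMPLE)` flags only the first assignment, since a Lab Contributor role already covers schedule management for one lab.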