Optimization Tips

User Roles and Permissions – The CloudHealth Basics

In the second blog of our series “The CloudHealth Basics,” we are going to dive deeper into user roles and permissions – the backbone of your CloudHealth platform.  

Let’s make some assumptions 

Assuming you have started your cloud management journey and an official CloudHealth customer now, you may be wondering – what’s next? You’ve integrated your cloud accounts into the platform but how do you grant people in your company access and set up what they need to see? 

There are three key items to keep in mind when initially setting up CloudHealth:  

  1. Who do you need accessing the platform  
  2. What permissions should these individuals have  
  3. What should each individual be seeing in the platform 

These three items are key to setting up your CloudHealth user roles and permissions and consequently known as Users, Roles, and FlexOrgs. Let’s dive in! 

What are Users?

Users are any individual who has authenticated access to CloudHealth. There are two approaches to managing authentication using CloudHealth: 

  1. CloudHealth as identity provider – Users log in with an email address and password, using our built-in authentication provider, and roles are managed from within CloudHealth. 
  2. External identity provider – Many customers use an external identity provider for logging into their internal applications. CloudHealth provides integration with many common identity providers to allow Single Sign On (SSO).  

Roles and permissions will work the same for users authenticating through CloudHealth or an external identity provider.

What are Roles?

A role is typically assigned to a user at the time they are invited as users to CloudHealth.  

CloudHealth provides three default roles: 

  1. Administrator: The administrator has access to all privileges across all data. 
  2. Power Users: Power Users have the ability to perform all operations available to an administrator except the ability to create, edit, or delete organizations and users. 
  3. Standard: Standard Users can view but not edit or delete data within CloudHealth. 

In addition to these default roles, you can create your own custom roles that grant the access you wish to your users.   

What are FlexOrgs?

FlexOrgs are made up of organizational units (OU), users, user groups, and role documents. 

  1. Organizational units define what content and data an assigned user can see in the platform. OUs are organized under a top-level organizational unit (TLOU) into a hierarchy of tiered parent OUs and child OUs. 
  2. Users (as discussed above) are people who have access to the CloudHealth platform. 
  3. User groups define characteristics of an OU, and assign permissions to users within the user group using role documents. User groups can give a user access to one or more OUs. Users can be assigned to user groups manually or using SSO. 
  4. Role documents (as discussed above) are a list of permissions that define what a user can do with content in the platform. Role documents are attached to user groups.

FlexOrgs provide organizations greater control over user access, sharing, and delegation across multiple levels of organizational hierarchy. 

With FlexOrgs you can: 

    • Create an organizational structure that reflects your company’s hierarchy 
    • Define and link organizational units that reflects how your cloud infrastructure should be managed 
    • Separate each organizational unit in the hierarchy so each OU views only its infrastructure 
    • Map users to specific organizational units and control their levels of access in each organizational unit

What’s Next? 

Enjoying the “CloudHealth Basics” series? Stay tuned for our next blog on CloudHealth Operations and learn more about Perspectives and how they can help your organization group assets in a meaningful and significant way.

Looking to learn more about cloud management? Read our eBook The Cloud Management Platform Buyer’s Guide to learn how a cloud service management solution can help your organization be efficient and strategic in the cloud.