1- ---
2- redirect_from :
3- - /cloud/access-control/
4- ---
5-
61# Access Control
72
8- As an account administrator, you can define roles with specific permissions for
9- resources and apply those roles to users within the account.
3+ As a Cube Cloud account administrator, you can define roles with specific permissions
4+ for Cube Cloud resources and apply those roles to users within the account.
105
116<SuccessBox >
127
@@ -15,25 +10,55 @@ Access control is available in Cube Cloud on
1510
1611</SuccessBox >
1712
18- ## List all roles
13+ ## Managing accounts
14+
15+ Account administrators have ultimate control over the Cube Cloud account, including
16+ [ managing roles] ( #managing-roles ) and assigning them to users.
17+
18+ You can see which users are account administrators on the <Btn >Members</Btn > tab of the
19+ <Btn >Team & Security</Btn > page in your Cube Cloud. Account administrators have the
20+ <Btn >Admin</Btn > toggle enabled next to their name.
21+
22+ ## Managing roles
23+
24+ In Cube Cloud, users are not assigned permissions directly. Instead, they are assigned
25+ _ roles_ that are associated with _ policies_ . Each policy define what _ actions_ they can
26+ perform and on what _ resources_ they can perform those actions. This approach makes it
27+ easier to manage permissions at scale.
28+
29+ Each role can be associated with one or more of the following policies:
30+
31+ | Policy | Description |
32+ | --- | --- |
33+ | ** Global** | Controls account-level functionality, e.g., as Billing. |
34+ | ** Deployment** | Controls deployment-level functionality, e.g., as Playground. |
35+ | ** Report** | Controls access to specific reports in Saved Reports. |
36+ | ** ReportFolder** | Controls access to specific folders in Saved Reports. |
37+
38+ Each policy can apply to _ all resources_ or _ specific resources_ . For example, a policy
39+ could apply to all deployments or only to a specific deployment.
40+
41+ Also, each policy can have _ all actions_ or only _ specific actions_ associated with it.
42+ For example, a policy could allow a user to view, create, or delete one or more
43+ deployments if it's associated with those specific actions.
44+
45+
1946
20- To see a list of roles in your account, first go to the Team settings page by
21- clicking on your avatar in the top right corner, then clicking on the "Team"
22- button.
47+ ### Browsing roles
2348
24- On the Team settings page, click the "Roles" tab to see all the roles in your
25- account:
49+ To see a list of roles, go to the < Btn >Team & Security</ Btn > page in your Cube Cloud
50+ account, then navigate to the < Btn >Roles</ Btn > tab :
2651
2752<Screenshot
2853 alt = " Cube Cloud Team Roles tab"
2954 src = " https://ucarecdn.com/476cb30f-4939-41a8-a399-53d4f8a47dee/"
3055/>
3156
32- ## Create a role
57+ ### Creating a role
3358
34- To create a new role, click the " Add Role" button. Enter a name and optional
35- description for the role, then click " Add Policy" and select either " Deployment"
36- or " Global" for this policy's scope.
59+ To create a new role, click the < Btn > Add Role</ Btn > button. Enter a name and an optional
60+ description for the role, then click < Btn > Add Policy</ Btn > and select either < Btn > Deployment</ Btn >
61+ or < Btn > Global</ Btn > for this policy's scope.
3762
3863Deployment policies apply to deployment-level functionality, such as the
3964Playground and Data Model editor. Global policies apply to account-level
0 commit comments