Groups & ACLs on The Platform
Access to your products, services, and environments is managed via ACLs (Access Control Lists). Datica allows you to manage organization access by creating Groups, which are composed of various ACL rules, and adding individual users within your organization to these groups.
As a rule, you may not assign individual ACLs to a specific individual - they must belong to a group. You can create and delete groups as you see fit. There is one important exception and that is the Admins group. You can revoke and grant access to this group, but you may not delete it or modify it.
Currently Datica supports the following set of ACLs:
Can interact and control any component and product of your environment(s), except they do not have VPN access, and the cannot manage users.
This ACL provides users with the ability to edit the services in the environment.
Can directly interact with your Datica network, running jobs, and services (Note: this is only relevant to organizations and environments that have a running VPN).
This gives users the ability to view organization billing details, including the list of payment methods and invoice history.
This gives users the ability to update payment information, including changing the default payment method.
This ACL gives users the ability to create new groups.
This ACL gives users the ability to update a given group’s ACLs.
This ACL gives users the ability to remove groups entirely.
Manage Group Membership
This ACL gives users the ability to add members to and remove members from a group.
This ACL gives users the ability to view the list of invited users.
This ACL gives users the ability to send out invitations to other users to join that organization.
This ACL gives users the ability to remove invites that have been sent, but not accepted.
Update Organization Information
This ACL gives users the ability to update organization information, such as the organization name.
Update Organization MFA Required
This ACL gives users the ability to update an organizations Multi-factor Authentication preferences.
A group can have multiple ACLs, and a member of an organization can be in any number of groups. For example, if an operations team only needs access to production servers, but not the ability to deploy new code, a group called “Operations” could be created with only the VPN ACL.
Likewise, a “Developers” team can be given the ability to deploy code but not access production servers with the Base ACL. Then, if there are any members with cross-team duties needing cross-team access, those members could be added to both groups - effectively giving them both the VPN and Base ACLs.
For more on how to manage your organization and create groups with the dashboard you can go to the organization guide.