User Access Management

“Access Control” is the process that limits and controls access to resources in Cloudlytics account.

Access controls manage the admittance of users to the system and resources by granting users access only to the specific resources.

When you create a Cloudlytics account, you create a root user account which can be used to login for the first time into Cloudlytics.

When you log in using root user credentials you have complete, unrestricted access to all resources in your Cloudlytics account.

The following section will help you to manage user and permissions to provide secure, limited access to your resources for yourself and newly created users.

In Cloudlytics there are 2 types of users

• Root User

• Sub User

Sub User again can be classified into the following two types

• Sub User with Administrator access

• Sub User with Limited access

Root User

All accounts have root user credentials (that is, the credentials of the account owner). These credentials allow full access to all resources in the account. This user is the one who has created an account in Cloudlytics. Depends upon the subscription root user can create the resources(Streams and Compliance) in Cloudlytics. Root User can create Sub User with Administrator access or limited access.

Sub User with Administrator access

Sub User with Administrator Access is a user with privileges that have advanced permission as compare to the Sub-user with limited access that is necessary for the administration of the account. For example, an Administrator user can create new sub-user with Administrator Access or Sub-user with limited access, streams, compliance, visualization etc excepts subscription buying and an account deactivation.

Sub User with Limited access

Sub User with limited access is a user with restricted privileges as compared to another type of users. While creating sub-users with limited access by, root user or administrator user, limits on the resources such as streams and compliance has to be provided. Depending upon the limits granted to sub-user, sub-user with limited access can create streams and compliance.

Note: When Sub-user with Administrator access or Sub-user with Limited access is deleted all the resources configured by those users are reallocated to the root user.

Groups :

In most of the cases, however, you want to limit a user’s permissions to certain resources only.

By default, a newly created Sub User with limited access has no permissions to do anything. The user is not authorized to perform any operations or to access any resources. For a large number of Sub User with limited access it becomes a tedious job to attach permission to each and every user, So to avoid this, create a group and assign permission to the group and attach Sub User with limited access to those groups.

All Sub Users with limited access should belong to a specific group. In case any sub-user with limited access doesn’t belong to any group then that user is unauthorized to perform any actions and access any resources.

All the permission to access resources within Cloudlytics are attached to groups. So it is recommended that the user belongs to some group.

Now let’s say a company namely ABC using Cloudlytics has 100 employees. Out of 100, only 20 are developers. Out of those 20 developers, let’s say only 10 requires read-only access and others require full access to resources. So instead of assigning permission to each developer, create a group in Cloudlytics account with read-only permission for users who require read-only permission and another group with full access for those users who require full access.

Root user or Administrator user can update the role of the already created user.

To enhance the security, MFA can also be enabled for the with Sub-User with administrator access or Sub-User with limited access.

Group Permission is divided into two main categories as Streams and Compliance.

Streams Permission :

In streams, permission section users can be given following permission

• Read Only: User gets only read-only permission that is user can only see the data but cannot perform a certain operation on the data.

• Stream: User gets full access to the stream operation that is user can pause, rename, delete or regenerate token of the streams.

• Visualization: User gets full access to the visualization operation that is users can create or delete visualization.

• Alerts/Notification: User gets full access to the Alerts/Notification that is users can create or delete alerts/notifications.

Compliance Permission :

In compliance permission, a user can be given following permission

• Read Only: User will get only read-only permission that is user can only see the reports and download them but cannot suppress rules.

• Full access: User gets full access to the compliance that is users can create, update, edit, delete compliance and can suppress rules

User Access Management demands a high level of accuracy. We can help. Book a free demo here!

Share this post

ABOUT THE AUTHOR

Abhijeet Chinchole

Abhijeet Chinchole

Abhijeet Chinchole is Chief Technology Officer at Cloudlytics. Over the years, Abhijeet has helped numerous global businesses transition to the cloud by helping them with strategy and implementation. He is also an expert on cloud migration, cloud security, and building modern SaaS applications. When not working, he likes to drive and don the hat of a creative tinkerer.

TOP STORIES

Simplifying FinOps on AWS with Native Services and SpendEffix

December 20, 2024

Migrating from Java 8 to Java 17: How Cloudlytics Modernized Its Backend with Amazon Q

December 12, 2024

How AWS AI Services Can Revolutionize Security Posture and Compliance in the Cloud with Cloudlytics

November 8, 2024

Generative AI for Cloud Security: Enhancing Protection through AI-Driven Threat Detection and Response

July 2, 2024

Maximizing API Security with AWS API Gateway and AWS WAF

June 25, 2024

Data Protection In AWS: Prioritizing Security And Compliance For CXOs

May 12, 2024

We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!