About Partners, Organizations, and Groups
On the ACTIVATE platform, we use partners, organizations, and groups to organize users and manage access permissions. This user hierarchy is shown in the diagram below with a detailed explanation afterward.
Platform Settings are the highest level from which the platform can be configured. Only ACTIVATE administrators can manage these settings. Currently, the settings that can be configured at the platform level are cloud service providers (CSPs) and multipliers.
The next management level is Partner Organizations, which have the ability to create other organizations. Organizations created by a partner organization are considered to be managed by the partner organization. Any organization that manages another organization can:
- access all of the organization's settings, users, groups, and CSP billing data.
- manage which providers are available to the organization.
- set custom billing multipliers.
- configure allowed instance types.
All organizations can:
- manage which providers are available.
- configure allowed instance types.
- configure default resources, which are created for new users.
Groups are used to manage user permissions that affect the administration of users, groups, and group settings. Note that to configure many of these settings, you must be in a group with the org:admin
role, or a role specific to the setting you're configuring. Partner organizations and ACTIVATE administrators are automatically granted necessary roles to configure organizations. For more specific information, please see About Group Roles below.
Users are intended to be named users (i.e. one real person per username), and our system is designed around this idea.
These elements create a user hierarchy with a waterfall structure, where each tier inherits the settings above it but can be overriden at the lower level.
Organizations for Partners and ACTIVATE Administrators
The Organization page will look different for you than it will for most users. When you click your Username then Organization, you’ll see a list that includes your organization and all organizations that you manage.
There are two functions that are important for partner organizations: configuring multipliers and creating organizations.
This page displays each organization’s name, which organization it’s managed by (if any), its number of members, and shortcuts for that organization's settings.
The shortcut icons redirect to the follow settings tabs:
- - Users
- - Groups
- - Keys
- - Infrastructure
- - Providers
- - Partner
About Group Roles
We currently have four ACTIVATE roles to customize user permissions within your organization.
- Users with the
org:admin
permission have full control. They can make any changes to any settings on the Organization page. - Users with the
org:settings
permission can manage settings on the Organization page. - Users with the
org:users
permission can create and manage users on the Organization page. - Users with the
org:groups
permission can create and manage groups on the Organization page. However, they cannot assign or remove roles for groups; only users with theorg:admin
permission have access to make those changes.
These roles are controlled through groups. All users within a group have the same permissions. Groups can also have multiple roles assigned to them.
At this time, you cannot assign roles to individual users.