Parallel Works
View as Markdown
Share:

Access Control

Cloud account access control determines which groups in your organization can use a cloud account to provision networks and start clusters. By default, a newly created cloud account is not shared with any group.

Requiresorg:admin

How Access Control Works

Access is managed through a single permission type called network. When a group is granted the network permission for a cloud account, members of that group can create and manage networks under that account and use those networks when starting clusters.

There are two ways to share a cloud account:

  • Organization-wide sharing — Share the cloud account with every group in the organization. When this option is enabled, all groups automatically receive the network permission and the individual group checkboxes are locked.
  • Group-based access — Restrict access to specific groups. Only the selected groups will be able to provision networks and use the cloud account for clusters.

Resource Type Access

As of v7.0.0, available resource types are automatically determined by cloud account access. If a group has the network permission on at least one cloud account for a given cloud service provider, that CSP's resource types are available to the group.

Managing Access

To manage which groups can use a cloud account:

  1. Navigate to Organization > Cloud Accounts and click the cloud account name to open the detail page.
  2. Click Manage access in the action bar. This opens the Group Permissions Manager panel.
  3. In the permissions panel you will see a table listing every group in your organization along with an Organization row at the top.

Sharing with the entire organization

To grant access to all groups at once, check the network checkbox in the Organization row. When organization-wide access is enabled, all individual group checkboxes are automatically checked and disabled because access is inherited from the organization setting.

Sharing with specific groups

To grant access to individual groups, leave the Organization row unchecked and check the network checkbox next to each group that should have access.

Saving changes

After adjusting the checkboxes, click Save Access to apply the changes. A confirmation message will appear once the update is saved.

Viewing Current Access

You can see the current sharing status of a cloud account on its detail page under the Shared with field in the Account Details section. This field shows one of the following:

  • Entire Organization — The cloud account is shared with all groups.
  • N groups — The cloud account is shared with a specific number of groups. Click the link to open the permissions panel and see which groups have access.
  • Not shared — No groups have access to the cloud account.