Managing portal access

BigAnimal uses role-based access controls to grant users access to different parts of the application.

Organizations

Each subscribed customer has a unique organization. Each organization’s database clusters are deployed and managed in the customer's cloud account. This approach ensures complete segregation of customer data between organizations.

Each BigAnimal organization is associated with an identity provider, set up by the customer. Your identity provider establishes the identity of users that belong to an organization. After an organization's identity provider is set up, users added to the identity provider can log in with minimum access privileges.

For Azure Marketplace accounts, each BigAnimal organization is associated with an Azure AD tenant. Azure AD establishes the identity of users that belong to an organization. After Azure AD is linked during subscription, users that belong to that AD can log in with minimum access privileges.

BigAnimal supports role-based access control policies. A user with the owner role can assign roles to other users in the same organization.

Roles

Access to BigAnimal is controlled by roles. Roles are sets of permissions. You use roles to manage permissions assigned to users.

Each organization has three default roles available:

  • account owner
  • contributor
  • reader

Permissions

Permissions are generally represented in the format action:object where action represents an operation to perform and object represents a category of portal functionality.

  • The available actions are: create, read, update, and delete.

  • The available objects are: cloud accounts, backups, billing, clusters, events, identity providers, permissions, roles, users, and versions.

Note

Not every object supports all the actions. For example, versions objects are always read-only.

Permissions by role

The following are the default permissions by role:

Role           Object             Permissions
account owner  backups            create, read, update, and delete
               billing            read
               cloud account      create, read, and update
               clusters           create, read, update, and delete
               events             read
               identity provider  read
               permissions        read
               regions            create, read, update, and delete
               roles              read
               users              read, update
               versions           read
contributor    backups            create, read, update, and delete
               cloud account      create, read, and update
               clusters           create, read, update, and delete
               events             read
               permissions        read
               regions            create, read, update, and delete
               roles              read
               users              read, update
               versions           read
reader         backups            read
               cloud account      read
               clusters           read
               events             read
               permissions        read
               roles              read
               users              read
               versions           read
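
For access reviews, the default permissions table above can be modeled as sets of action:object strings and compared role against role. This is an added example, not BigAnimal code or a BigAnimal API: the function names are hypothetical, the object names are copied from the table, and treating multiple roles as the union of their permissions is an assumption.

```python
# Added illustration of the default role table; not BigAnimal code or API.
CRUD = ("create", "read", "update", "delete")
CRU = CRUD[:3]
READ = ("read",)

# Object names and actions copied from the "Permissions by role" table.
ROLE_TABLE = {
    "account owner": {
        "backups": CRUD, "billing": READ, "cloud account": CRU,
        "clusters": CRUD, "events": READ, "identity provider": READ,
        "permissions": READ, "regions": CRUD, "roles": READ,
        "users": ("read", "update"), "versions": READ,
    },
    "contributor": {
        "backups": CRUD, "cloud account": CRU, "clusters": CRUD,
        "events": READ, "permissions": READ, "regions": CRUD,
        "roles": READ, "users": ("read", "update"), "versions": READ,
    },
    "reader": {obj: READ for obj in (
        "backups", "cloud account", "clusters", "events",
        "permissions", "roles", "users", "versions")},
}


def role_permissions(role):
    """Expand one role into a set of action:object strings."""
    return {f"{action}:{obj}"
            for obj, actions in ROLE_TABLE[role].items()
            for action in actions}


def effective_permissions(roles):
    """Assumption: several roles grant the union of their permissions."""
    return set().union(*(role_permissions(r) for r in roles))


def is_allowed(roles, action, obj):
    return f"{action}:{obj}" in effective_permissions(roles)


def role_diff(broader, narrower):
    """Permissions `broader` grants that `narrower` lacks."""
    return sorted(role_permissions(broader) - role_permissions(narrower))


def write_holders(assignments):
    """Users (from a user -> roles mapping) holding any non-read permission."""
    return sorted(user for user, roles in assignments.items()
                  if any(not p.startswith("read:")
                         for p in effective_permissions(roles)))
```

Calling `role_diff("account owner", "contributor")` shows that, by the table, the two roles differ only in read access to billing and the identity provider, which is worth knowing before handing out the contributor role.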

Users

If you purchased BigAnimal through Azure Marketplace, when you configured your Azure subscription, you also enabled BigAnimal to authenticate users from your organization using Azure AD. Before users become visible in the BigAnimal Users screen, they need to sign in using Azure AD after receiving special emails from your organization.

If you are using your own account, you enabled BigAnimal to authenticate users from your organization using your identity provider. Before users become visible in the BigAnimal Users screen, they need to log in.

New users signed in to BigAnimal have a minimum set of permissions until you assign them a role.

Assign roles to users

  1. Navigate to Admin > Users.

  2. Select the edit icon for the user.

  3. Select Assign Roles.

  4. Select or clear roles for the user.

  5. Select Submit.

Note

For a user's role assignment to take effect, the user must log out from BigAnimal and log in again.

View users

You can view all users from your organization who have logged in at least once.

  1. Navigate to Admin > Users.

  2. View the list of users. You can use search to narrow the list and you can also sort it by name or email.

Example scenario

  1. Tom is the first user and sets up the identity provider. He is granted the account owner role.

  2. Tom invites Jerry and Sally to log in through the organization's identity provider. Both of their accounts in BigAnimal are automatically created with the role of reader.

  3. Tom connects the organization's cloud account to BigAnimal.

  4. Tom grants Sally the contributor role. She can now create BigAnimal clusters.

  5. Sally asks Jerry to log in and grants him the contributor role.

  6. Jerry can now see the clusters that Sally created and can create clusters.

Example scenario for Azure Marketplace

  1. The BigAnimal organization is created, and Tom logs in and is granted the account owner role.

  2. Tom asks Jerry to log in, using his Azure AD account. Jerry's account in BigAnimal is created.

  3. Tom grants Sally the contributor role. Sally can now create BigAnimal clusters.

  4. Sally asks Jerry to log in and grants him the contributor role.

  5. Jerry can now see the clusters that Sally created and can create clusters.