Permissions and Access

Each Scalarium account can have multiple users.
Each of these users can be an administrator or not.

Admins

Admins have permission to manage global things like other users, credentials or SSH keys.
Admins always have access to all information in your account. Try to avoid admin parties: grant this privilege only to the people who really need it.

Users

All other users have specific access rights for each cloud in an account.

The access levels are:

  • The level "none" prevents you from noticing a cloud. You won’t see the cloud or any of its children. And of course you can’t trigger any actions or edit things.
  • The level "show" lets you see a cloud and all its children, but you are not allowed to take any actions.
  • The level "deploy" lets you deploy all applications belonging to this cloud as well as trigger cloud deployments like update cookbooks. You can’t edit the cloud or any child.
  • The level "manage" lets you do anything in this cloud. So you can add, start/stop and remove servers, add, edit and remove roles and applications and so on.

Furthermore, you can decide whether a user should have SSH access to the servers and whether sudo rights are granted.

Edit permissions

Admins can edit the permissions.

[Screenshot: permissions per cloud for a non-admin]

The tabs let you choose between "Clouds" and "Users". Inside these tabs you are able to change default permissions and concrete permissions.

When you are in the "Clouds" tab, the default permissions are the ones that existing users have to a new cloud.
In the dropdown below you can select a cloud in order to see and edit every user's permissions to that cloud.

When you are in the "Users" tab, the default permissions are the ones that a new user has to existing clouds.
In the dropdown below you can select a user in order to see and edit that user's permissions to every cloud.

For every combination of a user and a cloud we store a permission record.

API

Our API is also aware of permissions. When you try to access a cloud that just doesn't exist, we still respond with HTTP status code 404 and the message "Resource not found".

However, an attempt to access a cloud that you don't have permission for results in a response with status code 403 and message "No permission".
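The access levels and the two API responses described above, modeled as an added example (not Scalarium's own code). The action names, the 200 success value, the cumulative ordering of levels and the deny-by-default handling of a missing record are assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    # Assumption: levels are cumulative, each one includes those below it.
    NONE = 0
    SHOW = 1
    DEPLOY = 2
    MANAGE = 3

# Minimum level per action, following the level descriptions on this page.
# The action names are hypothetical.
REQUIRED = {
    "view_cloud": Level.SHOW,
    "deploy_app": Level.DEPLOY,
    "update_cookbooks": Level.DEPLOY,
    "edit_cloud": Level.MANAGE,
    "start_server": Level.MANAGE,
}

@dataclass
class Permission:
    # One record per (user, cloud) combination.
    level: Level = Level.NONE
    ssh: bool = False
    sudo: bool = False

def authorize(user, cloud_id, action, clouds, admins, records):
    """Return (status, message) for a request against one cloud."""
    if cloud_id not in clouds:
        return 404, "Resource not found"
    if user in admins:  # admins always have access to everything
        return 200, "OK"  # success value is a placeholder
    record = records.get((user, cloud_id), Permission())  # missing record: deny
    if record.level < REQUIRED[action]:
        return 403, "No permission"
    return 200, "OK"

def audit(admins, records):
    """List the grants worth a periodic review: admins and sudo rights."""
    findings = [f"admin: {u}" for u in sorted(admins)]
    findings += [f"sudo: {u} on {c}"
                 for (u, c), p in sorted(records.items()) if p.sudo]
    return findings

# Constructed sample data, for illustration only.
CLOUDS = {"c1", "c2"}
ADMINS = {"alice"}
RECORDS = {("bob", "c1"): Permission(Level.DEPLOY, ssh=True, sudo=True),
           ("bob", "c2"): Permission(Level.NONE)}
```
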