“Access Control” is the process that limits and controls access to resources in a Cloudlytics account.
Access controls manage the admittance of users to the system and its resources by granting each user access only to specific resources.
When you create a Cloudlytics account, you create a root user account, which is used to log in to Cloudlytics for the first time.
When you log in using root user credentials, you have complete, unrestricted access to all resources in your Cloudlytics account.
The following section will help you manage users and permissions to provide secure, limited access to your resources for yourself and newly created users.
In Cloudlytics there are 2 types of users:
• Root User
• Sub User
Sub Users can in turn be classified into the following two types:
• Sub User with Administrator access
• Sub User with Limited access
All accounts have root user credentials (that is, the credentials of the account owner). These credentials allow full access to all resources in the account. The root user is the one who created the account in Cloudlytics. Depending on the subscription, the root user can create resources (Streams and Compliance) in Cloudlytics. The root user can create a Sub User with Administrator access or with limited access.
Sub User with Administrator access
A Sub User with Administrator access has more advanced permissions than a Sub User with limited access; these are the permissions necessary for the administration of the account. For example, an Administrator user can create new Sub Users with Administrator access or with limited access, streams, compliance, visualizations, etc., but cannot buy a subscription or deactivate the account.
Sub User with Limited access
A Sub User with limited access has restricted privileges compared to the other types of users. When the root user or an Administrator user creates a Sub User with limited access, limits on resources such as streams and compliance have to be provided. Depending on the limits granted, a Sub User with limited access can create streams and compliance.
Note: When a Sub User with Administrator access or a Sub User with limited access is deleted, all the resources configured by that user are reallocated to the root user.
In most cases, however, you want to limit a user’s permissions to certain resources only.
By default, a newly created Sub User with limited access has no permissions to do anything: the user is not authorized to perform any operations or to access any resources. For a large number of Sub Users with limited access, attaching permissions to each and every user becomes tedious. To avoid this, create a group, assign permissions to the group, and attach the Sub Users with limited access to that group.
All Sub Users with limited access should belong to a specific group. If a Sub User with limited access doesn’t belong to any group, that user is not authorized to perform any actions or access any resources.
All permissions to access resources within Cloudlytics are attached to groups, so it is recommended that every user belongs to a group.
Now let’s say a company named ABC that uses Cloudlytics has 100 employees. Out of 100, only 20 are developers. Out of those 20 developers, let’s say only 10 require read-only access and the others require full access to resources. Instead of assigning permissions to each developer, create one group in the Cloudlytics account with read-only permission for the users who require read-only access, and another group with full access for the users who require full access.
The root user or an Administrator user can update the role of an existing user.
To enhance security, MFA can also be enabled for a Sub User with Administrator access or a Sub User with limited access.
Group permissions are divided into two main categories: Streams and Compliance.
Streams Permission:
In the Streams permission section, users can be given the following permissions:
• Read Only: The user gets read-only permission, that is, the user can only see the data but cannot perform certain operations on the data.
• Stream: The user gets full access to stream operations, that is, the user can pause, rename, delete or regenerate the token of streams.
• Visualization: The user gets full access to visualization operations, that is, the user can create or delete visualizations.
• Alerts/Notification: The user gets full access to Alerts/Notification, that is, the user can create or delete alerts/notifications.
Compliance Permission:
In the Compliance permission section, a user can be given the following permissions:
• Read Only: The user gets read-only permission, that is, the user can only see the reports and download them but cannot suppress rules.
• Full access: The user gets full access to compliance, that is, the user can create, update, edit and delete compliance and can suppress rules.
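The rules above (default deny for limited Sub Users, permissions granted only through groups, administrator exceptions, MFA) can be modelled and audited offline. The Python below is an added example, not Cloudlytics code or its API: the action names, group names, data layout and the assumption that a user may belong to more than one group are all hypothetical.

```python
# Hypothetical model of the rules on this page; action and group names are assumptions.
GRANTS = {
    ("streams", "read_only"): {"stream:view"},
    ("streams", "stream"): {"stream:pause", "stream:rename", "stream:delete",
                            "stream:regenerate_token"},
    ("streams", "visualization"): {"visualization:create", "visualization:delete"},
    ("streams", "alerts"): {"alert:create", "alert:delete"},
    ("compliance", "read_only"): {"report:view", "report:download"},
    ("compliance", "full_access"): {"compliance:create", "compliance:update",
                                    "compliance:delete", "compliance:suppress_rule"},
}
ROOT_ONLY = {"subscription:buy", "account:deactivate"}  # denied to administrators

def effective_permissions(user, groups):
    """Union of the actions granted by the groups a limited Sub User belongs to."""
    actions = set()
    for name in user.get("groups", []):
        for permission in groups.get(name, []):
            actions |= GRANTS.get(permission, set())
    return actions

def is_allowed(user, action, groups):
    if user["role"] == "root":
        return True                     # unrestricted access
    if user["role"] == "admin":
        return action not in ROOT_ONLY  # all but the two root-only actions
    return action in effective_permissions(user, groups)  # limited: default deny

def audit(users, groups):
    """Flag limited Sub Users with no group permissions and Sub Users without MFA."""
    findings = []
    for u in users:
        if u["role"] == "limited" and not effective_permissions(u, groups):
            findings.append((u["name"], "no group permissions"))
        if u["role"] != "root" and not u.get("mfa", False):
            findings.append((u["name"], "MFA not enabled"))
    return findings

# Constructed sample data based on the ABC company scenario.
GROUPS = {
    "dev-read-only": [("streams", "read_only"), ("compliance", "read_only")],
    "dev-full-access": [("streams", "stream"), ("streams", "visualization"),
                        ("streams", "alerts"), ("compliance", "full_access")],
}
USERS = [
    {"name": "dev1", "role": "limited", "groups": ["dev-read-only"], "mfa": True},
    {"name": "dev2", "role": "limited", "groups": ["dev-full-access"], "mfa": False},
    {"name": "dev3", "role": "limited", "groups": [], "mfa": True},
]
```

Calling audit(USERS, GROUPS) on the sample data reports dev2 for missing MFA and dev3 for having no group permissions.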