Using team accounts

Using team accounts

Adding new users to your Cloud 66 account is a great way to work in a team, and access rights can be fine-tuned per application. Access levels range from no privileges on an application to full administrative privileges.

User roles and permissions

The account administrator is the only user who can invite other members and change access rights for these members (unless this privilege is granted to another user). There are two types of users - Finance users and Application (stack) users.

Finance users

Finance users only have access to your Payment page, and can change billing information. They will automatically receive email payment notifications (successful and unsuccessful payments) and invoices, but have no access rights to applications.

Note

A finance user still needs to create a standard Cloud 66 account before they can access records or receive invoices and will be prompted via email to do so if they have not already.

You can also opt to simply cc other email addresses whenever invoices are sent to you. To do this:

  1. Open your Dashboard
  2. Click on your account avatar (top-right) and select Account Settings
  3. Click Organizations in the left-hand panel
  4. Click on the name of organization you wish to update
  5. Scroll down to the “Copy invoices to” field and add the addresses (separated by commas)
  6. Click Save

Application users

Application users have access rights to view and manage applications, and (depending on access level) to manage the entire Cloud 66 account.

There are two levels of permissions:

  1. Account-level permissions
  2. Application (AKA stack) level permissions

Account-level permissions

These permissions are focused on global account settings like managing users, adding or removing cloud providers and setting notifications.

To set these permissions for a user:

  1. Log into your Cloud 66 Dashboard
  2. Click your avatar and then Account Settings
  3. Click Teams
  4. Click the edit icon next to the user in question
  5. Check or uncheck permissions as needed
  6. Click Save Changes

You can also use this page to manage application-level permissions (see below).

Application-level permissions and roles

Every user has a set of permissions explicitly assigned for applications, regardless of their account-level permissions. These are assigned when a user is added. If no permissions are added, the user will have no access to applications. Application permissions are set via roles.

You can specify the exact access rights you would like to grant a user per application by choosing a role for them. The available roles are:

The owner of an account always has the maximum permissions for all applications and does not need to be assigned any roles.

The Administrator role has permissions to everything and the other default roles have the following permissions:

Role / Perms Viewer Deployer Dev Ops Power
View App
Deploy App  
Edit App    
Shell to Servers      
Delete App        
App Admin          
View service.yml
Edit service.yml    
View manifest.yml
Edit manifest.yml    
View Firewall Rules
Edit Firewall Rules    
View Network Redirects Settings
Edit Network Redirects Settings    
View Network Traffic Settings    
Edit Network Traffic Settings    
View ActiveProtect
View Environment Variables
Edit Environment Variables    
View App Info
Edit App Info    
View Deploy History
Revert Deployment    
Edit Notification Channels          
View Live Logs
Remove Add-ins    
Edit Stack Settings    
Scale Stack    
Download SSH Key      
Download SSL Cert          
Manage Containers        
Access APN    

These roles can be edited, and custom roles can also be created. We recommend creating custom roles rather than editing the defaults. The account owner always has full access to all settings on all applications.

By definition, any user with access to an application will automatically be given the rights for the lower levels of permissions. For example, a user who can deploy an application will also be able to view the same application.

Assigning application roles to a user

To assign a user permissions for an application:

  1. Log into your Cloud 66 Dashboard
  2. Click your avatar and then Account Settings
  3. Click Teams
  4. Click the edit icon next to the user in question
  5. Scroll down to find the application in question and click on the multi-select box
  6. Choose the role you want the user to have for the application
  7. Click Save Changes

You can also quickly assign a user the same role on all your application by clicking on the Default Roles multi-select, selecting the desired role and then clicking the Copy roles to ALL existing Applications link. This will also set the user to use this default role for any new applications created on the account.

Creating and editing roles

You can customize the default permissions for the existing roles (not recommended) or create custom roles for your account.

To create a custom role:

  1. Log into your Cloud 66 Dashboard
  2. Click your avatar and then Account Settings
  3. Click Teams
  4. Click the Roles & Permissions tab (top of the main panel)
  5. Click the green + button to add a role
  6. Give it a name and click Save Role

To edit the permissions for a role:

  1. Follow 1 - 4 above
  2. Scroll down and use the dropdown to select the role to edit
  3. Check the boxes next to the permissions you wish to add (or remove)

🚨 Editing the permissions for a role will change the permissions for all existing users assigned that role. Be cautious when doing so.

Add a new user (team member)

  1. Open your Dashboard
  2. Click on your account avatar (top-right) and select Account Settings
  3. You need to give your team a name before inviting other members. This is the same as your Company name on the Payments page. If you already have entered a company name, you will skip this part.
  4. Click on Team in the left-hand panel
  5. Click the + button in the top right corner. This will allow you to choose a user type (Application or Finance user), input an email address and set the users permissions and its default role for applications.

An email will be sent to the email address specified, giving this user the option to sign up for Cloud 66 with their specified email address. If the invited email already has a Cloud 66 account, they will be notified of the pending invitation. By accepting the invitation, they will join your team.

Deleting user accounts & teams

If you are the owner of an account you can remove (delete) secondary accounts from your (primary) organization and also delete any teams under that organization.

To delete users:

  1. Open your Dashboard
  2. Click on your account avatar (top-right) and select Account Settings
  3. Click Teams in the left-hand panel
  4. Click the red remove icon next to the users you want to remove (and confirm each one)

To delete teams:

  1. Follow steps 1 - 3 above
  2. Click the red remove icon next to the names of the teams you wish to delete

Switch organizations

If you are part of several organizations, you will have to switch organization to see applications that belong to a different organization.

To switch between organizations, click on your account avatar (top-right) and and select the name of the organization you would like to switch to.

Leave a team

To leave a team, visit the Account Settings page, then click Organizations. Next, find the organization you would like to leave, and click the Leave button.

You cannot leave your primary organization (the one you own).