Organization ​

When a customer first sign up to Cloud-IAM, a default organization with a random generated name is created and associated to its Cloud-IAM account. The customer is automatically granted as the Owner role of this organization.

Subscriptions are attached to the organization, which make it easy to transfer to other persons, but can't be attached on different organizations.

Roles ​

The roles of the users are defined at the Organization level. This implies that a granted user can operate on all the deployments attached to the organization.

Owner ​

This role can do everything about the deployments and the organization settings.

• ✅ Manage deployment configuration
• ✅ Manage custom extensions of deployments
• ✅ Read metrics of deployments
• ✅ Manage organization settings
• ✅ Manage organization members

Editor ​

This role is suitable for operational or developer.

• ✅ Manage deployment configuration
• ✅ Manage custom extensions of deployments
• ✅ Read metrics of deployments
• ❌ Manage organization settings
• ❌ Manage organization members

Custom extensions ​

This role is used by service-account to manage the custom extensions that are build by a CI.

• ❌ Manage deployment configuration
• ✅ Manage custom extensions of deployments
• ❌ Read metrics of deployments
• ❌ Manage organization settings
• ❌ Manage organization members

Monitoring ​

This role is used by service-account to gather logs and metrics.

• ❌ Manage deployment configuration
• ❌ Manage custom extensions of deployments
• ✅ Read metrics of deployments
• ❌ Manage organization settings
• ❌ Manage organization members