Originally published on September 25, 2019, at ObjectRocket.com/blog
Sharing logins is lame. It’s a necessary evil, however, and there are some scenarios where you just have to. When it comes to Software-as-a-Service (SaaS) offerings, it can be a real challenge as teams get larger and you don’t want to give everyone full control. The clear solution is Role-Based Access Control (RBAC), and we’ve enabled RBAC features on our hosting platform.
There are lots of definitions for RBAC, but the National Institute of Standards and Technology (NIST) offers a pretty succinct definition:
“A model for controlling access to resources where permitted actions on resources are identified with roles rather than with individual subject identities.”
Pretty simple. Your access to a piece of information or action is based on an assigned role. Let’s look at how this applies to something like Database-as-a-Service. There are a number of obvious things you can do:
There are also some other actions to think about:
Without RBAC, everyone has access to everything. If you can log in, you can do all the things. For example, you might want someone from accounting to be able to view billing and payment information. However, you definitely don’t want to give that person the ability to mistakenly delete a database. That’s where RBAC comes in. You create a role like “Billing”, which grants assigned users the ability to view billing information only and do nothing else.
When you first signed up for our service (if you haven’t yet, go check it out at https://app.objectrocket.cloud), the first thing you did was create an organization. An organization is just our way of grouping all of your users together. When you create an account and an organization, you become an owner. Congratulations!
Now, by using the RBAC controls in our dashboard UI, you can invite other people to your organization and give them different roles. For now, those roles and privileges are:
Role table (columns): Role | Manage UI Users | Create / Update / Delete Instances | List and view Instances | Manage ACL and DB users | View ACL and DB Users | View Metrics | Manage Billing
RBAC gives you the ability to specify an owner (or multiple owners) that can do everything, and limit access for the other members of your team. You can have a select few that manage the databases themselves, and give read-only access to the developers that just need to connect to the database from their application. You can give just metrics access to an analyst who only needs to see stats on your databases. Finally, you can limit the access of the book-keepers to only billing information.
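As an added illustration (not ObjectRocket’s own code), here is a deny-by-default role check in Python built on the permission columns of the role table above; the role names other than owner and billing, and the permissions each role grants, are assumptions drawn from the prose description, not the platform’s real role matrix.

```python
from enum import Enum, auto
from typing import Dict, FrozenSet, Iterable, List

class Permission(Enum):
    """The permission columns of the role table above."""
    MANAGE_UI_USERS = auto()
    CREATE_UPDATE_DELETE_INSTANCES = auto()
    LIST_AND_VIEW_INSTANCES = auto()
    MANAGE_ACL_AND_DB_USERS = auto()
    VIEW_ACL_AND_DB_USERS = auto()
    VIEW_METRICS = auto()
    MANAGE_BILLING = auto()

P = Permission  # short alias for the role definitions below

# Hypothetical role definitions, constructed from the prose (owner, database
# managers, read-only developers, metrics-only analyst, billing-only book-keeper).
ROLES: Dict[str, FrozenSet[Permission]] = {
    "owner": frozenset(P),  # an owner can do everything
    "db-admin": frozenset({P.CREATE_UPDATE_DELETE_INSTANCES, P.LIST_AND_VIEW_INSTANCES,
                           P.MANAGE_ACL_AND_DB_USERS, P.VIEW_ACL_AND_DB_USERS, P.VIEW_METRICS}),
    "developer": frozenset({P.LIST_AND_VIEW_INSTANCES, P.VIEW_ACL_AND_DB_USERS}),
    "analyst": frozenset({P.VIEW_METRICS}),
    "billing": frozenset({P.MANAGE_BILLING}),
}

AUDIT_LOG: List[str] = []  # denied attempts are recorded for later review

def effective_permissions(roles: Iterable[str]) -> FrozenSet[Permission]:
    """Union of the permissions of every role the user holds.
    A role name that is not defined contributes nothing (deny by default)."""
    granted: FrozenSet[Permission] = frozenset()
    for role in roles:
        granted |= ROLES.get(role, frozenset())
    return granted

def authorize(user: str, roles: Iterable[str], action: Permission) -> bool:
    """Return True only if some assigned role grants `action`; log every denial."""
    roles = list(roles)
    allowed = action in effective_permissions(roles)
    if not allowed:
        AUDIT_LOG.append(f"DENY user={user} action={action.name} roles={sorted(roles)}")
    return allowed

if __name__ == "__main__":
    # The scenario from the text: accounting may view billing but not delete a database.
    print(authorize("alice@accounting", ["billing"], P.MANAGE_BILLING))                  # True
    print(authorize("alice@accounting", ["billing"], P.CREATE_UPDATE_DELETE_INSTANCES))  # False
    print(AUDIT_LOG)
```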
This is just a starting point, and we continue to add greater customization.
If you’ve already signed up, or plan to create a new account, you automatically become the owner of your organization. From there, adding new users is as simple as performing the following steps:
From there, your invited user gets an email. After they click the link in the email and sign up, they show up in your User list.
There are a few cases where you might need to get Support involved, such as trying to invite a user who is already part of another organization, and our Support team is always here to help you.
Check out our RBAC feature!