The RightScale Governance module enables you to manage users, user groups, and roles across RightScale accounts.
In the Governance module, roles and accounts are scoped to an Organization, allowing for greater control across multiple RightScale accounts for performing management actions (like setting user roles).
Organization is a new concept we have introduced to help you manage multiple accounts within your company. For existing customers, we have automatically created an Organization based on your Enterprise Master account.
Single pane of glass to IAM
Governance allows you to manage all of the users, accounts, user groups, and access controls across all of your RightScale accounts in one place. You will no longer see the old permissions page in Cloud Management.
Create and manage User Groups
Organize users into Groups based on your organizational needs or other criteria and assign specific roles to the Groups, simplifying the management of roles across your accounts.
Ensure Group names are unique and do not contain special characters.
Inheritance lets you assign Roles at the top level (for example, the organization) and have them cascade down to the Group/Account/User level. Roles granted at the organization level automatically appear at the account level.
All inherited roles are shown explicitly and can only be modified at the level they were assigned.
The enterprise_manager role can only be granted at the organization level, whereas the admin role can only be granted at the account level.
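The inheritance and scope rules above can be checked against an export of role grants. The following is an added example, not RightScale code or its API: the Grant record, the function names, the sample users, group, accounts and the "observer" role are hypothetical, and it assumes that a role granted to a Group applies to the Group's members.

```python
from dataclasses import dataclass
from typing import Optional

# Scope rules stated above; any other role is assumed grantable at either level.
ORG_ONLY = {"enterprise_manager"}
ACCOUNT_ONLY = {"admin"}

@dataclass(frozen=True)
class Grant:
    subject: str                   # user or group name
    role: str
    level: str                     # "organization" or "account"
    account: Optional[str] = None  # set only for account-level grants

def violation(g):
    """Return why a grant breaks the scope rules, or None if it is valid."""
    if g.role in ORG_ONLY and g.level != "organization":
        return f"{g.role} can only be granted at the organization level"
    if g.role in ACCOUNT_ONLY and g.level != "account":
        return f"{g.role} can only be granted at the account level"
    if (g.level == "account") != (g.account is not None):
        return "account must be set for account-level grants only"
    return None

def effective_roles(user, account, grants, groups):
    """Map each role the user holds in `account` to the (level, via) pairs
    that grant it; the level is where the role must be modified."""
    subjects = {user} | {name for name, members in groups.items() if user in members}
    roles = {}
    for g in grants:
        if g.subject not in subjects or violation(g):
            continue  # not this user's grant, or a grant that breaks the rules
        # Organization-level grants cascade to every account.
        if g.level == "organization" or g.account == account:
            via = "direct" if g.subject == user else "group:" + g.subject
            roles.setdefault(g.role, set()).add((g.level, via))
    return roles

# Constructed sample data (names are hypothetical, not from the page).
GROUPS = {"ops": {"alice", "bob"}}
GRANTS = [
    Grant("ops", "observer", "organization"),
    Grant("alice", "admin", "account", "acct-prod"),
    Grant("bob", "admin", "organization"),                         # invalid
    Grant("carol", "enterprise_manager", "account", "acct-prod"),  # invalid
]

if __name__ == "__main__":
    print([violation(g) or "ok" for g in GRANTS])
    print(effective_roles("alice", "acct-prod", GRANTS, GROUPS))
```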
All grants and revokes of privileges are audited centrally with detailed information, showing what change was made and who made the change.
Simplified User Roles
Out-of-the-box roles can be given to Users as well as Groups at the account and organization level, providing detailed control over which users can do what across your accounts.
Who can access Governance?
Governance is only accessible to users with admin roles. Each role gives the user a specific set of access.
Enterprise Managers View
Enterprise Managers get the complete view of the organization and can manage users, groups and roles at the organization level as well as the account level.
Admins only get a view of their account and can manage users, groups and roles at the account level only.
API 1.5 does not support all Governance operations yet, like Groups. This API only allows management of roles granted directly at the Account level, to a User.
Affiliation: There may exist some users in your organization user list that do not currently have access to any account in your organization. They exist in this list because at some point in the past they were granted a role or invited to an account. The ability to remove such users is coming soon.