The RightScale Governance module enables you to manage users, user groups, and roles across RightScale accounts.

In the Governance module, roles and accounts are scoped to an Organization, allowing for greater control across multiple RightScale accounts for performing management actions (like setting user roles).


Single pane of glass to IAM

Governance allows you to manage all of the users, accounts, user groups, and access controls across all of your RightScale accounts in one place. You will no longer see the old permissions page in Cloud Management.


Create and manage User Groups

Organize users into Groups based on your organizational needs or other criteria and assign specific roles to the Groups, simplifying the management of roles across your accounts.


Role Inheritance

Inheritance is a powerful feature for assigning Roles at the top level, such as the organization, and then cascading them down to the Group/Account/User level. Roles granted at the organization level will automatically appear at the account level.


Full Auditability

All grants and revokes of privileges are audited centrally with detailed information, showing what change was made and who made the change.


Simplified User Roles

Out-of-the-box roles can be given to Users as well as Groups at the account and organization level, providing detailed control over which users can do what across your accounts.


Who can access Governance?

Governance is only accessible to users with enterprise_managers and admin roles. Each role gives the user a specific scope of access.

Enterprise Managers View

Enterprise Managers get the complete view of the organization and can manage users, groups and roles at the organization level as well as the account level.


Admin View

Admins only get a view of their account and can manage users, groups and roles at the account level only.


Known Limitations

  • API 1.5 does not yet support all Governance operations, such as Groups. This API only allows management of roles granted directly to a User at the Account level.

  • Affiliation: Your organization's user list may contain some users who do not currently have access to any account in your organization. They appear in this list because at some point in the past they were granted a role or invited to an account. The ability to remove such users is coming soon.