DoubleCloud resource model
The organization is the root node in the DoubleCloud resource hierarchy. It's the hierarchical ancestor to the project, the billing account, project resources, and project members.
You can see the overview of the DoubleCloud resource model in the following diagram:
Organization level
When the user creates an account, DoubleCloud automatically creates their organization.
Organization-wide user permissions and access
The user who created an organization becomes its first member. Now, this user can create projects, user federations and invite other users to the organization.
Organization billing
When creating a project, a Billing account is automatically created alongside and associated with it. A DoubleCloud organization can have precisely one Billing account provisioned with it.
Once a resource is created on the project, it's automatically linked to this Billing account. It's impossible to create a project that isn't associated with a Billing account.
Project level
A project contains resources:
- ClickHouse® and Apache Kafka® clusters,
- Transfers,
- Visualization entities: collections, workbooks, connections, datasets and charts.
Project roles and access
A project owner can assign permissions to users. The user permissions assigned to users of the project apply to all the resources within the project.
By default, all resources inside the project are accessible the organization owner and admins. The project owner manages access rights to the project and its resources for organization viewers. For more information, see User permissions.
Benefits of the DoubleCloud resource model
With a unified structure, all the information on the organization and its projects is accessible from the DoubleCloud console. What's more, the organization owner has complete control over the organization members and all the projects, their resources and users. This configuration means there can be no shadow resources or unauthorized rogue administrators.
You can also grant members roles at the organization level. This allows organization members to view and/or manage any projects and resources without having to grant roles for individual resources or resource types.