User permissions
DoubleCloud has three levels of user roles to perform operations with its entities and resources:
-
Organization - manage access to all the resources (including all the project resources) and perform the actions within the organization.
-
Project - manage access and perform actions with projects and their resources within a certain organization.
Within each level, you have the following permissions to assign:
-
No access - block the user from accessing a service. The user won't have any access to the service's resources, and the service icon won't show in the console interface.
-
Viewer - the user can view the service's page and the resources on it, but can't create or edit any of them.
-
Editor - the user can access the resource page, create, edit and delete its resources.
There are two extra access permissions for the Visualization service:
User role assignment warning
The permissions below provide unrestricted access to all the Visualization assets within a project. Use extreme caution when assigning these roles to users.
-
Supervisor viewer - the user can view all the Visualization assets within the project, but can't create, edit or delete any of them.
-
Supervisor editor - the user can edit or delete all Visualization assets within a project.
Organization level
At this level, users can have the following permissions:
| Service name | Description |
|---|---|
| Clusters | Manage user's access to the ClickHouse® and Apache Kafka® clusters within the organization. |
| Transfer | Manage user's access to the endpoints and transfers within the organization. |
| Visualization | Manage user's access to the collection, workbooks and their assets within the organization. |
| Members | Allow the user to see (Read) or manage (Write) the users for the organization, as well as the users for all the project within the organization. |
| Billing | Manage user's access to the Billing page of the organization and its data. |
Tip
The Organization-level permissions override the project-level ones.
For example, if you assign the Editor role to a user on the organization level, you can't limit them to a Viewer on the project level.
You can see the Organization level permissions in a dedicated column of the Project member roles dialog.
Project level
At this level, users can have the following permissions:
| Service name | Description | Notes |
|---|---|---|
| Clusters | Manage user's access level to all the ClickHouse® and Apache Kafka® clusters within the project. | |
| Transfer | Manage user's access level to all the endpoints and transfers within the project. | |
| Visualization | Manage user's access to the collection, workbooks and their assets within the project. | |
| Members | Allow the user to see (Read) or manage (Write) the users for the project. |