Permissions and Roles
Controlling Access
In Nimbul, user access is controlled in several ways:
Setting/Type | Description |
---|---|
Roles | The “admin” role gives a user access to all Nimbul features and settings, including user account administration and other system administration. This role is assigned in the user administration area. For details, see Managing User Accounts. |
Access Rules | Users can be given administrator access to provider accounts and clusters. Access rules are set in the user administration area. For details, see Managing User Accounts. |
Firewall Rules | Users can be granted access to provider accounts based on IP ranges or Amazon Web Services account IDs. For details, see Setting Up Firewall Rules. |
Security Groups | Security groups can be configured to apply sets of firewall rules to provider accounts and servers. For details, see Managing Security Groups. |
SSH Access | Users can be granted SSH access to all instances associated with a specific server profile. For details, see Setting Up SSH Access. |
User Types
Each Nimbul user can be thought of as one of the following types:
User Type | Description |
---|---|
Nimbul Administrator | Users with the admin role enabled in the user administration area. These users are “system administrators” and can fully manage all other users’ roles and access rules. |
Provider Account Administrator | Users who have been given administrator access to a provider account in the user administration area (under “access rules”). These users can add or remove other provider account administrators and cluster administrators. |
Cluster Administrator | Users who have been given administrator access to a specific cluster (under access rules). These users can add or remove other cluster administrators. |
Nimbul User | Users who have SSH access to instances that belong to a particular server. These users can connect to instances and restart them but cannot launch new instances. |
Note: Any Nimbul user can add a new provider account to the system, effectively becoming an administrator for that provider account.
The rest of this page provides more information about each user type.
Nimbul Administrators
Nimbul Administrators can be thought of as “system” administrators. They manage and maintain Nimbul itself rather than focusing on managing cloud account activity. Nimbul administrators typically perform the following tasks:
- Managing Nimbul user accounts
- Enabling and configuring new accounts
- Analyzing system information, such as message queues and daemons
Provider Account Administrators
Provider account administrators manage individual cloud provider accounts. They have unrestricted access to all aspects of the provider account and typically perform the following tasks:
- Creating clusters and granting clusters access to provider account resources (such as IP addresses and storage)
- Creating and managing security groups, firewall rules (including managing a master firewall list across all security groups) and master public keys
- Configuring account DNS records and managing hostnames and leases
- Configuring environment variables and startup scripts for the account
- Designating other provider account administrators
Note: Any Nimbul user can add a new provider account to the system, effectively becoming an administrator for that provider account.
Cluster Administrators
In most Nimbul configurations, the cluster administrator is the “basic” user level. Users who have administrative access to a cluster can perform the following tasks:
- Adding servers
- Creating and managing server profiles
- Launching and terminating instances
- Configuring environment variables and startup scripts for the cluster
- Configuring environment variables and startup scripts for server profiles within the cluster
- Managing server DNS
- Designating other cluster administrators
Cluster administrators cannot create new clusters or perform other tasks at the provider account level — unless the cluster administrator adds a new provider account to the system, effectively becoming an administrator for that account. For more information, see Managing Provider Accounts.