Team Administration

Access Control Roles

Every member of an organization has an Organization Role (admin, user) as well as a Default Cluster Role (admin, user, none). The Default Cluster Role is overridable on a cluster-by-cluster basis.

Organization Role

The admin Organization Role enables a member to create clusters, perform all other administrative actions on clusters, and edit both organization and cluster-level access for other members, full stop. This role will override any user-level cluster role settings for the member and grant the member full access to every action one can take on a cluster as well as the organization. Members with the admin organization role have all privileges of the user organization role.

The user role in an organization enables a member to log in and access clusters they have admin or user cluster-level access to, as well as to view organization members.

Default Cluster Role

The Default Cluster Role is the cluster-level role assigned to a member for every cluster that is created in the organization.

The admin Default Cluster Role enables a member to perform management actions on clusters such as pausing, resuming, reconfiguring, deleting, etc. It also enables a member to modify the access control settings for clusters.

The user Default Cluster Role enables a member to access clusters through the web portal or the CLI and can browse experiment history and results, submit workloads, etc. These members however will not be able to create new clusters or perform cluster management such as pausing, resuming, reconfiguring, deleting, etc.

Members with the admin role have all privileges of the user role.

The none Default Cluster Role will prevent a member from accessing any clusters by default. The Default Cluster Role can be overriden on a cluster-by-cluster by selecting "Manage Access" on a cluster card and changing the Cluster Role there.

Editing User Roles

The Members tab in an organization allows organization administrators to add and remove members and modify member Organization Roles and Default Cluster Roles.

Access control settings for a specific cluster can be accessed by members who have the admin role on that cluster (or the organization) by selecting the Manage Access option in the cluster's options menu.

Access Strategies

One strategy to manage access can be to give members the none Default Cluster Role and then overriding access with admin or user roles on a cluster-by-cluster basis, thus enabling access for only a subset of members.

Another strategy to manage access can be to give members the admin or user Default Cluster Role and then update access on a cluster-by-cluster basis, removing access for certain members by overriding the Default Cluster Role with the none role.

Removing Pending Invites

Organization administrators have access to the Invites tab from the Members page. From here administrators can view and cancel pending invites to the organization.

Members cannot modify their own access control roles, even to lower their permissions, in order to ensure organizations cannot lock themselves out. For this reason it is recommended to have two admins for your organization.