Skip to main content

Organization Management

You can use the Organization Management user interface (UI) to perform administrative tasks within Chef 360 Platform (including User and Role Management).

User Management

All of the users in the organization are visible on the User Management screen. The Users table contains the Email, DSM Username, Name, Role, Status, and Actions columns.

Note

Use the DSM Username to run Knife CLI commands. This is equivalent to node_name in the Knife set up documentation.

To export the Users table in CSV format, select Export at the top-right of the table. Exported data is limited to a maximum of 100 records.

Organization Management UI showing table of users with the email address, name, roles, status, and actions.

Invite user

To invite new users to view the organization, follow these steps:

  1. Select Invite User.

  2. Enter the user’s email address in the Email ID text box.

  3. In the Assign Role field, select the required role (or roles). The role determines the user’s permissions. You can add more than one role for a user.

  4. Select +Add More to invite more users.

  5. Select Send Invite to invite the users.

Invite Users pane showing a user’s email address and roles assigned to the user.

Disable/Remove a user

Using the actions menu in the Actions column, you can perform the following actions:

  • Update Role
  • Disable User
  • Remove User

Update a role

To update a user’s role, follow these steps:

  1. Select the three dots in the Actions Column.

  2. Select Update Role.

  3. Add or remove roles in the New Role column.

  4. Select Save.

Disable a user

To disable the user, follow these steps:

  1. Select the three dots in the Actions Column.

  2. Select Disable.

  3. Select Disable User.

The disabled user won’t have access to Chef 360 Platform. You can enable the user to provide them with access again, if required.

Remove a user

To remove a user, follow these steps:

  1. Select the three dots in the Actions Column.

  2. Select Remove.

  3. Select Remove User.

The removed user won’t have access to Chef 360 Platform. You can add the user again to provide them with access, if required.

Once you have performed the action, the organization user management table will be updated.

View user details

To view a user’s details, select the user. The page shows the user’s Email ID, Name, and Roles. Buttons at the top right of the page allow you to remove or disable a user, or update a user’s role.

Role management

The Role Management page shows all the existing roles. The table shows the Role Name, Type, Status, and Actions columns.

Role Management window showing a table of roles, role types, statuses, and actions.

Roles in Chef 360 Platform allow you to adopt predefined system roles or create your own custom roles.

System roles

Chef 360 Platform has six default roles. These are:

  • tenant-admin
  • tenant-viewer
  • org-admin
  • org-viewer
  • node-manager
  • courier-operator

tenant-admin role

The tenant-admin role is only given to the first user of the organization. The tenant-admin role user has all permissions in a tenant and is able to perform all actions, such as:

  • Add, update, and delete users.
  • Create, update, delete, enable, and disable organizations.
  • Enrol nodes.
  • Create and manage node lists and filters.
  • Create and run Courier jobs.
  • View job run details.
  • Create new tenants.
  • Perform tenant-level actions in the system.
  • View the list of organizations present under a tenant.
  • View all users within a tenant and perform actions under it.
  • Load licenses.

tenant-viewer role

The tenant-viewer role is similar to the tenant-admin role, but with limited permissions. The tenant-viewer role user can only view the tenant and its organizations, and can’t edit or change them.

org-admin role

Theorg-admin role user has permission to:

  • Create a new organization.
  • Invite new users to the organization.
  • Create new roles and policies.

org-viewer role

The org-viewer role is similar to the org-admin role but only provides view access. The org-viewer role user can’t edit or change the organization.

node-manager role

The node-manager role user has permission to:

  • Perform enrollment.
  • View their nodes.
  • Create new filters and node lists.

courier-operator role

The courier-operator role user has permission to:

  • Run everything in Courier. For example, create a job and view previous jobs.
  • View nodes in node management.
  • Save a Node List.
  • Create Courier jobs.

Custom roles

To create a custom role, follow these steps:

  1. Select Create New Role.

  2. Enter a name for the role in the Role Name text box.

  3. Select Include Policy.

  4. Select the policies to include.

  5. Select Include Selected.

  6. Select Save.

Delete or disable a role

Click the three dots in the Actions column to disable or delete a role.

Disable a role

To disable the role, follow these steps:

  1. Select the three dots in the Actions Column.

  2. Select Disable.

  3. Select Disable Role.

Delete a role

To delete the role, follow these steps:

  1. Select the three dots in the Actions Column.

  2. Select Delete Role.

Once you have performed the action, the organization role management table will be updated.

View role details

To view details of a particular role, select it in the table. The Role Details page shows the policy details for the role. The Policies table contains the PolicyName, Type, and Status.

Policy management

In Chef 360 Platform, there is a hierarchy of user permissions to access the environment. Users are invited and assigned a specific role. Each role comprises a set of policies.

Policies define:

  • The actions a user is allowed to perform
  • The endpoints where these actions are permitted

Chef 360 Platform has a number of System Policies and you can also create custom User Policies.

On the Policy Management page, you can view the System Policies and User Policies by selecting the appropriate option.

You can select a policy to view the:

  • Policy Information
  • Description
  • JSON code

You can delete or edit a custom user policy by selecting the relevant button on the Policy Details page.

You can also Copy the JSON code.

The Policies table includes the following columns:

  • Policy Name
  • Type
  • Status

You can also Update and Delete the existing User Policies using the Actions column on the Policy Management page.

Create a new policy

Users with org-admin or tenant-admin roles can create custom User Policies.

To create a new policy using the Chef 360 Platform UI, follow these steps:

  1. Go to Organization Management.

  2. Select Policy Management from the menu on the left.

  3. Select Create New Policy.

  4. Enter a Name for the policy.

  5. Enter a Description of the policy.

  6. You can specify one or more Statements. Select the Action (Allow or Deny). You can select Add Statement to add another statement or Delete Statement to remove one.

  7. Select one or more Verbs (or methods) to allow or deny.

  8. Specify one or more Routes (or Application Programming Interface (API) endpoints) to limit the allowance/denial to the routes specified. Refer to the Chef 360 Platform API documentation for a list of endpoints.

    Note

    You can enter an asterisk (*) in the Routes field as a wildcard character (for all routes/endpoints).

  9. Select Add Variable to add variable names and values to provide more fine-grained controls. For example, to disallow editing of certain node lists, you could add a Deny statement with the variable Name of nodeListIds with the value containing the node IDs to restrict access to. If a user with the relevant role tries to edit these role lists, they get a 403 Forbidden error.

Thank you for your feedback!

×