RUAL Documentation

User Access Management (UCM)

Within your cluster, you have the capability to create various types of users, each specifically tailored for roles such as developers, customers, or visitors.

Users Overview

In the RUAL Studio, when you access the All users section from the left-side menu, you will find a comprehensive list of all active users within your cluster. Users marked with a * (star) symbol possess full access to all resources within the cluster, subject to any specific settings enabled or disabled on their accounts.

Permissions

This section details each permission available in the RUAL Studio and its specific function.

  • Cluster Admin: This permission is typically granted to a select few who require complete access to all resources within the cluster.
  • Blueprints: All Access: Grants the ability to view and remove any blueprint. This permission is exclusively available to developers.
  • Wildcard Scope: Provides comprehensive access to any Cluster, custom API, and custom page created in RUAL. This is essential for developers to create new resources.
  • Staging Developer: Enables a developer to view, modify, and simulate blueprints.
  • Production Developer: Allows a developer to view, modify, and deploy blueprints to production.
  • Blueprints: Production Run: Controls the Run: Production feature in play mode within blueprints.
  • Blueprints: Can Activate: Grants access to activate or deactivate blueprints.
  • Blueprints: Remove: Enables users to remove blueprints, with all actions recorded in the audit log.
  • Manage User Permissions: Required to manage other users' permissions. Users without this cannot modify accounts with higher permissions.
  • Manage System Settings: Allows users to modify, view, and create system settings. Access to secured system settings is logged.
  • Manage Storages: Permits users to create, update, or delete storages within blueprints.
  • Manage Domains: Enables users to create, update, or delete domains within the cluster.

Settings

Settings in RUAL provide fine-grained control and customization options for various user accounts. While some settings align with permissions discussed earlier, there are some distinct ones worth noting.

Key Description
allow_login_as_user When this setting is enabled [on], it grants the ability to utilize the user signin as function for user accounts. If this setting is not enabled for an account, you won't be able to employ the user signin as function within blueprints for that account. Please note that this setting cannot be enabled for accounts with the is_root_user setting enabled.
is_root_user This setting is enabled for user accounts designated as cluster administrators. Such accounts enjoy additional security measures against login attacks, password forget requests, and sign-in functionality.
setting_manage_users User accounts with this setting set to on have the authority to configure the allow_login_as_user setting for other accounts. If the target account already exists, only users with this setting enabled can configure it.

Example object of settings data

User Settings
{ "settings": [ { "key": "allow_login_as_user", "value": "off" }, { "key": "is_root_user", "value": "on" } ] }