forked from cloudfoundry/docs-cloudfoundry-concepts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathroles.html.md.erb
89 lines (60 loc) · 2.67 KB
/
roles.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
---
title: Orgs, Spaces, Roles, and Permissions
---
Cloud Foundry uses role-based access control (RBAC), with each role granting
permissions in either an org or a space.
## <a id='orgs'></a>Orgs ##
An org consists of users grouped together for management purposes.
All members of an org share a resource quota plan, services availability, and
custom domains.
## <a id='spaces'></a>Spaces ##
Every application and service is scoped to a space.
Each org contains at least one space.
A space provides a set of users access to a shared location for application
development, deployment, and maintenance.
Each space role applies only to a particular space.
## <a id='roles'></a>Roles and Permissions ##
A user can have one or more roles.
The combination of these roles defines the user’s overall permissions in the org
and within specific spaces in that org.
### <a id='org-roles'></a>Org Roles and Permissions ###
####Org Manager ####
Assign this role to managers or other users who need to administer the account.
An Org Manager can:
* Add and manage users
* View users and edit org roles
* View the org quota
* Create, view, edit, and delete spaces
* Invite and manage users in spaces
* View the status, number of instances, service bindings, and resource use of each application in every space in the org
* Add domains
####Org Auditor ####
Assign this role to people who need to view but not edit user information and
org quota usage information.
An Org Auditor can:
* View users and org roles
* View the org quota
### <a id='space-roles'></a>Space Roles and Permissions ###
####Space Manager ####
Assign this role to managers or other users who need to administer a space.
A Space Manager can:
* Add and manage users in the space
* View the status, number of instances, service bindings, and resource use of each application in the space
####Space Developer ####
Assign this role to application developers or other users who need to manage
applications and services in a space.
A Space Developer can:
* Deploy an application
* Start or stop an application
* Rename an application
* Delete an application
* Create, view, edit, and delete services in a space
* Bind or unbind a service to an application
* Rename a space
* View the status, number of instances, service bindings, and resource use of each application in the space
* Change the number of instances, memory allocation, and disk limit of each application in the space
* Associate an internal or external URL with an application
####Space Auditor ####
Assign this role to people who need to view but not edit the space.
A Space Auditor can:
* View the status, number of instances, service bindings, and resource use of each application in the space