
Managers can easily monitor the activity of all users, add more rights to specific users, access their cloud accounts' budget consumption and cloud resources' allocation at any time, lock or unlock individual cloud accounts, and adjust the cloud accounts' budgets. Managers can restrict users to specific cloud services, regions, machines, clusters and database instance types. Managers can also trigger the creation of new active and monitored cloud accounts and grant them to new members at any time. All manager actions are accessible both interactively in the browser and through the RosettaHUB API for advanced use. Software Development Kits allowing programmatic management are provided in Python, R, Java, VBA, etc. Users can share their cloud artifacts using a simple sharing interface requiring only tenants' logins, a group name or an organization name, i.e. there is no need to define complex policies or look up tenants' cloud account IDs. Sharing a cloud storage, a virtual machine image or an IAM account (restricted subaccount) becomes as easy as sharing a folder on Dropbox or a spreadsheet on Google Docs.

Managers have access to different panels under RosettaHUB for account management. New registrants appear in the Registrations panel; after their applications are processed, they appear in the Users panel. Users can have one or more associated Cloud Accounts, which can be managed from the Cloud Accounts panel.

Organizations allow managers to create a custom hierarchy within their institution and assign management rights to researchers/educators/IT that take responsibility for a unit within the institution. The institution is the root parent organization of all sub-organizations within the institution.

Registrations

Registrations are records of researchers, educators, IT managers and students who have applied to get accounts on RosettaHUB and have not been validated/processed yet.

Users can apply using the institution's dedicated website. Only applicants who have validated their email address can be processed. After a registration is processed the user receives an email with their RosettaHUB credentials.

As a manager, here are the actions that you can apply on registrations:

Validation actions

  1. Discard: Marks the registration as discarded. A discarded registration cannot be processed.
  2. Keep: Reverses the action of discarding a registration
  3. Destroy: Destroys the registration and removes it from the RosettaHUB database. This action cannot be reverted.

Editing actions

  1. Set Graduation: Sets the graduation year/month of students

  2. Set Type: Sets the type of a registration to Researcher, Educator, IT or Student

  3. Set Title: Sets the title of selected IT or educators

Processing actions

  1. Send Verify Email actions: Sends an email verification reminder to the registrant. Only registrants that have verified their email can be processed.
  2. Process: Triggers a process action on the registration. After a few minutes the user receives an email with his/her RosettaHUB credentials.
  3. Upload registrations: Uploads registrations from a spreadsheet to the Registrations panel.


Users

Users are institution members that have a RosettaHUB account. They can have one or multiple cloud accounts that are consolidated under the institution's master cloud accounts. Users have a defined access perimeter, which is defined by cloud account policies that RosettaHUB manages following an RBAC model. The users' accounts are fully monitored using tools such as AWS Lambda/Cloud Functions, AWS CloudWatch/GCP alerts, AWS CloudTrail/GCP sinks, etc. Each user also has a default cloud storage, a default network file system and default RosettaHUB keys that help them manage their data and launch instances from the RosettaHUB console.

Organization managers can take many actions on users, ranging from giving/removing access and changing budgets to fully administering their accounts if they have the SUPERUSER role on the users.


Allowance actions

The users' perimeter cannot be larger than that of the institution's CPOC. If you would like more permissions for the CPOC account, please contact RosettaHUB.

  1. Set Limits: Sets limits for a user's cloud accounts: maximum number of machines, maximum storage size, etc.
  2. Assign Roles to User: Sets a user's assigned roles. Regions, services, and instance types are mapped to RosettaHUB roles; adding or removing such roles changes the allowed perimeter of actions for the user's cloud accounts
  3. Set Allowed Regions: Sets the user's allowed cloud regions
  4. Set Allowed Services: Sets a user's allowed cloud services
  5. Set Allowed Instance Types: Sets the user's allowed machine instance types
  6. Set Allowed DB Instance Types: Sets the user's allowed database instance types
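
An added illustration of the rule above, not RosettaHUB code: it models roles as sets of regions, services and instance types and clamps their union to the CPOC perimeter, reporting what falls outside it. The role names, the `Perimeter` class and the sample CPOC value are hypothetical.

```python
from dataclasses import dataclass, fields

@dataclass(frozen=True)
class Perimeter:
    """Allowed regions, services and instance types of one account."""
    regions: frozenset = frozenset()
    services: frozenset = frozenset()
    instance_types: frozenset = frozenset()

    def _combine(self, other, op):
        # Apply a set operation field by field.
        return Perimeter(*(op(getattr(self, f.name), getattr(other, f.name))
                           for f in fields(self)))

    def union(self, other):
        return self._combine(other, frozenset.union)

    def intersect(self, other):
        return self._combine(other, frozenset.intersection)

    def minus(self, other):
        return self._combine(other, frozenset.difference)

# Hypothetical role names; the real role catalogue is defined by RosettaHUB.
ROLE_MAP = {
    "REGION_EU_WEST_1": Perimeter(regions=frozenset({"eu-west-1"})),
    "REGION_US_EAST_1": Perimeter(regions=frozenset({"us-east-1"})),
    "SERVICE_EC2": Perimeter(services=frozenset({"ec2"})),
    "SERVICE_SAGEMAKER": Perimeter(services=frozenset({"sagemaker"})),
    "INSTANCE_T3_MICRO": Perimeter(instance_types=frozenset({"t3.micro"})),
    "INSTANCE_P3_2XLARGE": Perimeter(instance_types=frozenset({"p3.2xlarge"})),
}

# Constructed CPOC perimeter used as the institution-wide ceiling.
CPOC = Perimeter(frozenset({"eu-west-1"}), frozenset({"ec2"}),
                 frozenset({"t3.micro"}))

def effective_perimeter(roles, ceiling=CPOC):
    """Return (granted, dropped) for a list of assigned roles."""
    unknown = sorted(set(roles) - set(ROLE_MAP))
    if unknown:
        # Fail closed: a mistyped role must not be silently ignored.
        raise ValueError(f"unmapped roles: {unknown}")
    requested = Perimeter()
    for role in roles:
        requested = requested.union(ROLE_MAP[role])
    # Anything outside the ceiling is reported, never granted.
    return requested.intersect(ceiling), requested.minus(ceiling)
```

A non-empty `dropped` value shows which role assignments ask for more than the CPOC perimeter allows.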

Organization actions:

Managers can add or remove users from sub-organizations on which they have ADMIN or SUPERUSER roles

  1. Add to Organization: Users that are added to an organization see their limits upgraded to the limits of the organization
  2. Remove From Organization: Users that are removed from an organization do not see their limits changed

Email Actions:

  1. Send Credentials: Sends the user a link via email to reset his/her credentials
  2. Update Email: Changes the email of the user, this is only possible if the email associated to the account is marked as invali

Superuser actions:

Actions under Superuser are for managers who have a role of SUPERUSER on the users that they manage.

  1. Get Credentials as Csv: Returns users' logins and passwords in a CSV file
  2. Masquerade as: Masquerades as a user: you will be logged in to RosettaHUB as the user. It is not possible to un-masquerade



Cloud Accounts:

Access to accounts

  1. Enable: Enables access to the cloud account and related RosettaHUB artifacts
  2. Disable: Disables the access to the cloud account and related RosettaHUB artifacts




