Users, Teams and Access Control
Tideways provides two ways to manage access to the application monitoring data of your organization:
By default, your organization allows access to every project for all members.
For more fine-grained access control, you can create multiple teams inside an organization, and assign different users and projects to them.
Once you have created your first team, the access control mode will switch from "Access for all members" to "Team-based access control".
The first step to share and collaborate monitoring and profiling data with colleagues, is to invite them into your organization. This functionality is only available to administrators of the organization.
In the top-right of the Tideways screen, open the dropdown menu and click Organizations to open the settings screens for all your organizations. Then, click Users, for the organization that you want to modify.
The following screen will be shown:
You can perform the following operations here:
- Invite New Users to Your Organization
To invite a new user, enter their e-mail address, select their role in the organization, and click Invite. We recommend sticking with the default role ("User"), for now. You can find details for each role in a dedicated section below. Invited users get an e-mail with the subject:
You were invited to monitor "AcmeCorp" performance with Tideways
Invited users have to confirm the link inside this e-mail to create their own Tideways account and see your organization’s data. If teams are disabled, the user can directly see all the projects in your organization. When inviting users into a team based access organization, you can select the team to invite the user into during invitation.
- Resend Activations
To do this, press Resend Activation next to a user that has been invited, but hasn’t confirmed their invitation. Invitations can only be re-sent 3 times to a user that has previously denied the invitation.
- Remove Users
Click Remove to remove a user from this organization.
There are three different user roles in Tideways, which have different capabilities inside an organization. These are:
The user role allows a member to view projects, monitoring data, errors, alerts and traces. It is the default role which you should assign to developers, system administrators, external reviewers, and non-technical users. You cannot modify the organization with this role, and you cannot see billing information. However, you can see a limited amount of details about other users of the organization.
The privileged role has the same access as the user role, and is allowed to modify some project settings, modify integrations and invite users with the "user" role.
The admin role has read and write access to all settings of the organization and its projects. This role can see and modify subscription and billing information, create new projects, delete them or change their license.
Users can manage their invitations to organizations from the "Invitations" screen in the user settings. An invitation can be accepted, after which the user has access to the organization, or rejected when the user does not wish to have access to the organization.
Both open and past invitations are shown in the invitation settings screen.
A denied invitation can be re-sent for a total of three times before Tideways prevents further invitations to organizations that access was rejected for.
You can configure more fine-grained access controls by using the Teams feature of Tideways where you can assign organization members to teams that can only see a limited set of configured projects. In addition, team members can only see members of the same team and administrators in the "Users" overview.
|The teams feature is optional.|
To enable the teams feature, you must enable team based access on the "Users" screen of your organization by clicking on the button:
There are two kinds of teams available at the moment:
- Manually managed teams
Manually managed teams allow the user to assign and un-assign any user of the organization and grant access to all the organizations projects.
- GitHub Synchronized teams
A GitHub Synchronized team uses the Github Installation token to access teams and users of a GitHub organization, using the Team API. You cannot assign or un-assign users from this team, they are automatically invited when they are added to a GitHub team or removed when they are no longer in the GitHub team. When you have created teams, you can see an overview of their assigned projects and users.
Click Edit to change the name of a team. If the team is manually managed, you can Assign or Unassign users in this screen as well.
You can assign each project to one or multiple teams in the "Settings" screen of the project. If teams is enabled in your organization, you can find a new settings box on that screen:
Click on Configure on this box to get to a screen where you can Assign and Unassign teams to the selected project.
If you are already managing your developers and operations people on GitHub, then using the GitHub Team synchronization offers a significant benefit. Instead of micro-managing users in both GitHub and Tideways, you can synchronize a GitHub team of an existing organization directly to Tideways and we will automatically keep this synchronization up to date.
To do this, first connect your organization to a Github organization, by clicking "Connect Github" on the integrations screen:
This will take you to the installation screen of github, where you can select which organization you want to install this on:
Then you can synchronize Github Teams by clicking on the button:
You can then select the Github teams you would like to synchronize:
In the first step, if you did not connect a github organization to your organization, you will be redirected to do that.
In the second step, you can select the team you want to import from the selected organization.
In the third step, you see all the members of the selected team for verification.
In the last step, you can choose projects your team member should have access to and can confirm the import.
After verification, the team will be created and synchronization of users is started in the background.
If the GitHub user has made his e-mail address public, he will get an invitation e-mail.
If his email is not public, he cannot be notified of this invitation and you need to make sure they "Login with GitHub" on
https://app.tideways.io/login, to get access to the organization.