Users, Teams and Access Control
Tideways provides two ways to manage access to your application monitoring data of your organization.
By default your organization allows access to every application for all members.
For more fine-grained access controls, you can create multiple teams inside an organization and assign diferent users and applications to them. The Teams feature is only available for Medium plans (20M+).
Once you have created your first team, the access control mode will switch from "access for all members" to "team-based access control".
Inviting New Users
The first step to share and collaborate on monitoring and profiling data with colleagues is to invite them into your organization. This functionality is only available to administrators of the organization.
In the top-right of the Tideways screen open the dropdown menu and click on "Organizations" to open the settings screens for all your organizations, then select "Users" for the organization that you want to modify.
The following screen will be shown:
You can perform the following operations here:
Invite a new user by entering his e-mail address, select his role in the organization and then press Invite. Stick with the default role "User" for now. You can find details for each role in a dedicated section below.
Invited users get an e-mail with the subject:
You were invited to monitor "AcmeCorp" performance with Tideways
Invited users have to confirm the link inside this e-mail to create their own Tideways account and see your organizations data.
If teams are disabled, the user can directly see all the applications in your organization. If teams are enabled, he will not see any applications in the beginning and you have to assign him at least one team with an application.
Press Resend Activation next to a user that has been invited before, but hasn't confirmed the invitation yet.
Press Remove to remove a user from this organization.
User Roles explained
There are three different user roles in Tideways that includes different capabilities inside an organization:
The "User" role allows a member to view applications, monitoring data, errors, alerts and traces. It is the default role you should assign to developers, sys-admins, external reviewers and non-technical users.
You cannot modify the organization with this role, you cannot see billing information and you can only see a limited amount of details about other users of the organization.
The "Privileged" role has the same access as the "User" role and is allowed to modify some application settings.
The "Admin" role has read and write access to all settings of the organization and its applications. He can see and modify subscription and billing information.
You can configure more fine-grained access controls by using the Teams feature of Tideways where you can assign organization members to teams that can only see a limited set of configured applications. In addition users of a team can only see members of the same team and administrators in the "Users" overview.
The teams feature is optional and only available to users of Medium and Large plans starting at 20M.
To enable the teams feature you must create your first team on the "Users" screen of your organization:
There are two kinds of teams available at the moment:
Manually managed teams allow the user to assign and unassign any user of the organization and grant access to all the organizations applications.
A "Github Synchronized" team uses the
read:orgGithub scope to access teams and users of a Github organization using the Team API. You cannot assign or unassign users from this team, they get automatically invited when they are added to a Github team or removed when they are not in the Github team anymore.
When you have created teams you can see an overview of their assigned applications and users. You can perform the following operation on each team:
Press Edit to change the name of a team. If the team is manually managed you can Assign or Unassign users in this screen as well.
Press Remove to start the workflow of removing the team from your organization. You have to confirm this operation including the option of removing the team users from the organization entirely or keeping them around as members.
Manage Applications for Teams
You can assign each application to one or multiple teams in the "Settings" screen of the application. If teams is enabled in your organization you can find a new settings box on that screen:
Click on Configure on this box to get to a screen where you can Assign and Unassign teams to the selected application.
Synchronize Github Teams
If you are managing your developers and operations people on Github already, then using the Github Team synchronization offers a huge benefit. Instead of micro-managing users in both Github and Tideways, you can synchronize a Github team of an existing organization directly to Tideways and we will keep this synchronization up to date all the time.
Click on Synchronize Github Team in the Users screen of your organization to start the workflow:
In the first step you are redirected to Github to confirm the creation of an OAuth token with the scope
In the second step you can select one from the list of all your Github organizations.
In the third step you can select the team you want to import from the previously selected organization.
In the last step you see all the members of the selected team for verification and can confirm the import.
After verification the team will be created and synchronization of users is started in the background. If the Github user has made his e-mail address public he will get an invitation e-mail. If his email is not public, he cannot be notified of this invitation and you need to make sure they "Login with Github" on
https://app.tideways.io/login to get access to the organization.