Users, Teams and Access Control
Tideways provides two ways to manage access to the application monitoring data of your organization:
-
By default, your organization allows access to every project for all members.
-
For more fine-grained access control, you can create multiple teams inside an organization, and assign different users and projects to them.
Once you have created your first team, the access control mode will switch from "Access for all members" to "Team-based access control".
Inviting New Users
The first step to share and collaborate monitoring and profiling data with colleagues, is to invite them into your organization. This functionality is only available to administrators of the organization.
In the top-right of the Tideways screen, open the dropdown menu and click Organizations to open the settings screens for all your organizations. Then, click Users, for the organization that you want to modify.
The following screen will be shown:
You can perform the following operations here:
- Invite New Users to Your Organization
-
To invite a new user, enter their e-mail address, select their role in the organization, and click Invite. We recommend sticking with the default role ("User"), for now. You can find details for each role in a dedicated section below. Invited users get an e-mail with the subject:
You were invited to monitor "AcmeCorp" performance with Tideways
Invited users have to confirm the link inside this e-mail to create their own Tideways account and see your organization’s data. If teams are disabled, the user can directly see all the projects in your organization. If teams are enabled, he will not see any projects in the beginning and you have to assign him at least one team with a project.
- Resend Activations
-
To do this, press Resend Activation next to a user that has been invited, but hasn’t confirmed their invitation.
- Remove Users
-
Click Remove to remove a user from this organization.
User Roles explained
There are three different user roles in Tideways, which have different capabilities inside an organization. These are:
- User
-
The user role allows a member to view projects, monitoring data, errors, alerts and traces. It is the default role which you should assign to developers, system administrators, external reviewers, and non-technical users. You cannot modify the organization with this role, and you cannot see billing information. However, you can see a limited amount of details about other users of the organization.
- Privileged
-
The privileged role has the same access as the user role, and is allowed to modify some project settings.
- Admin
-
The admin role has read and write access to all settings of the organization and its projects. This role can see and modify subscription and billing information.
Manage Teams
You can configure more fine-grained access controls by using the Teams feature of Tideways where you can assign organization members to teams that can only see a limited set of configured projects. In addition, team members can only see members of the same team and administrators in the "Users" overview.
The teams feature is optional. |
To enable the teams feature, you must create your first team on the "Users" screen of your organization:
There are two kinds of teams available at the moment:
- Manually managed teams
-
Manually managed teams allow the user to assign and un-assign any user of the organization and grant access to all the organizations projects.
- GitHub Synchronized teams
-
A GitHub Synchronized team uses the
read:org
GitHub scope to access teams and users of a GitHub organization, using the Team API. You cannot assign or un-assign users from this team, they are automatically invited when they are added to a GitHub team or removed when they are no longer in the GitHub team. When you have created teams, you can see an overview of their assigned projects and users.
Manage Projects for Teams
You can assign each project to one or multiple teams in the "Settings" screen of the project. If teams is enabled in your organization, you can find a new settings box on that screen:
Click on Configure on this box to get to a screen where you can Assign and Unassign teams to the selected project.
Synchronize GitHub Teams
If you are already managing your developers and operations people on GitHub, then using the GitHub Team synchronization offers a significant benefit. Instead of micro-managing users in both GitHub and Tideways, you can synchronize a GitHub team of an existing organization directly to Tideways and we will automatically keep this synchronization up to date.
To do this, click Synchronize GitHub Team in the Users screen of your organization, to start the workflow:
-
In the first step, you are redirected to GitHub to confirm the creation of an OAuth token with the scope
read:org
. -
In the second step, you can select one from the list of all your GitHub organizations.
-
In the third step, you can select the team you want to import from the previously selected organization.
-
In the last step, you see all the members of the selected team for verification and can confirm the import.
After verification, the team will be created and synchronization of users is started in the background.
If the GitHub user has made his e-mail address public, he will get an invitation e-mail.
If his email is not public, he cannot be notified of this invitation and you need to make sure they "Login with GitHub" on https://app.tideways.io/login
, to get access to the organization.