Users, Teams and Access Control

Tideways provides two ways to manage access to the application monitoring data of your organization:

  1. By default, your organization allows access to every application for all members.

  2. For more fine-grained access control, you can create multiple teams inside an organization, and assign different users and applications to them.

Once you have created your first team, the access control mode will switch from "Access for all members" to "Team-based access control".

Inviting New Users

The first step to share and collaborate monitoring and profiling data with colleagues, is to invite them into your organization. This functionality is only available to administrators of the organization.

In the top-right of the Tideways screen, open the dropdown menu and click Organizations to open the settings screens for all your organizations. Then, click Users, for the organization that you want to modify.

The following screen will be shown:

image

You can perform the following operations here:

Invite New Users to Your Organization

To invite a new user, enter their e-mail address, select their role in the organization, and click Invite. We recommend sticking with the default role ("User"), for now. You can find details for each role in a dedicated section below. Invited users get an e-mail with the subject:

You were invited to monitor "AcmeCorp" performance with Tideways

Invited users have to confirm the link inside this e-mail to create their own Tideways account and see your organization’s data. If teams are disabled, the user can directly see all the applications in your organization. If teams are enabled, he will not see any applications in the beginning and you have to assign him at least one team with an application.

Resend Activations

To do this, press Resend Activation next to a user that has been invited, but hasn’t confirmed their invitation.

Remove Users

Click Remove to remove a user from this organization.

User Roles explained

There are three different user roles in Tideways, which have different capabilities inside an organization. These are:

User

The user role allows a member to view applications, monitoring data, errors, alerts and traces. It is the default role which you should assign to developers, system administrators, external reviewers, and non-technical users. You cannot modify the organization with this role, and you cannot see billing information. However, you can see a limited amount of details about other users of the organization.

Privileged

The privileged role has the same access as the user role, and is allowed to modify some application settings.

Admin

The admin role has read and write access to all settings of the organization and its applications. This role can see and modify subscription and billing information.

Manage Teams

You can configure more fine-grained access controls by using the Teams feature of Tideways where you can assign organization members to teams that can only see a limited set of configured applications. In addition, team members can only see members of the same team and administrators in the "Users" overview.

The teams feature is optional.

To enable the teams feature, you must create your first team on the "Users" screen of your organization:

image

There are two kinds of teams available at the moment:

Manually managed teams

Manually managed teams allow the user to assign and un-assign any user of the organization and grant access to all the organizations applications.

GitHub Synchronized teams

A GitHub Synchronized team uses the read:org GitHub scope to access teams and users of a GitHub organization, using the Team API. You cannot assign or un-assign users from this team, they are automatically invited when they are added to a GitHub team or removed when they are no longer in the GitHub team. When you have created teams, you can see an overview of their assigned applications and users.

Available Team Operations

Editing a Team

image

Click Edit to change the name of a team. If the team is manually managed, you can Assign or Unassign users in this screen as well.

image

Removing a Team

Press Remove to start the workflow of removing the team from your organization. You have to confirm this operation, including the option of removing the team users from the organization entirely or keeping them around as members.

Manage Applications for Teams

You can assign each application to one or multiple teams in the "Settings" screen of the application. If teams is enabled in your organization, you can find a new settings box on that screen:

image

Click on Configure on this box to get to a screen where you can Assign and Unassign teams to the selected application.

image

Synchronize GitHub Teams

If you are already managing your developers and operations people on GitHub, then using the GitHub Team synchronization offers a significant benefit. Instead of micro-managing users in both GitHub and Tideways, you can synchronize a GitHub team of an existing organization directly to Tideways and we will automatically keep this synchronization up to date.

To do this, click Synchronize GitHub Team in the Users screen of your organization, to start the workflow:

image

  • In the first step, you are redirected to GitHub to confirm the creation of an OAuth token with the scope read:org.

  • In the second step, you can select one from the list of all your GitHub organizations.

  • In the third step, you can select the team you want to import from the previously selected organization.

  • In the last step, you see all the members of the selected team for verification and can confirm the import.

After verification, the team will be created and synchronization of users is started in the background. If the GitHub user has made his e-mail address public, he will get an invitation e-mail. If his email is not public, he cannot be notified of this invitation and you need to make sure they "Login with GitHub" on https://app.tideways.io/login, to get access to the organization.

Still need help? Email [email protected]