IAM (Manage Access) in Vahana
Identity and Access Management (IAM) is the Vahana module that controls which users may access which resources, based on the permissions granted to them. The key element of IAM is a user's access rights on Vahana resources.
There are two roles in the system:
- Admin: A user whose role is Admin does not need to be granted any permission; the user has access to all resources of the organisation.
- Developer: A user whose role is Developer must be granted permissions on the required resources by an Admin.
Using IAM, an Admin can:
- Invite another user to the organisation.
- Assign a role to the user.
- Give permission to applications: all applications mapped to the Admin's org id.
- Give permission to environments of those applications: the list of environments for the selected app id.
- Grant permission to resources: the list of resources held in the resource master, for example access to vFlow, access to vDesigner and access to create an environment.
IAM provides the following benefits:
- Security: When multiple users work on the same module, configuration data cannot become inconsistent, because only users with permission on that module can change it.
- Risk management: The risk of deleting an application or service is reduced, because only users with permission to delete or change services can do so.
- Role-based / customised access control: Users access modules based on their roles. A user with the Admin role can access everything; for a user with the Developer role, access to modules can be customised.
- Optimised user experience: Single sign-on (SSO) allows customers and partners to access different internal and external applications with the same access method, so the user experience is not affected.
- Resources: Resources are modules, features or components of the Vahana platform, such as vConnect, vDesigner, vFlow or editing an environment variable.
- Static resources (app-level resources): Resources that are independent of the environment; their behaviour never changes with the environment.
- Environment-level resources: Resources that depend on the environment; whenever the environment changes, the behaviour of these resources changes accordingly.
When a user signs up to Vahana, an organisation of type “Personal” is created by default. IAM is not accessible in a Personal organisation, so it is strongly recommended that no official project or application be created in the Personal org id.
To create an official project or application, first create an Organisation (as shown below) and then create the project or application inside that Org. IAM is available there.
The organisation created here has type “Entity”. In this organisation the user can invite other users and grant permission-based access.
1) Landing Screen:
Here the Admin can see the list of users invited to the organisation. The Admin can add or invite new users to the organisation by clicking on Add User.
- To remove a particular user's access to the organisation, the Admin can also delete the user.
- Add user screen:
- The Admin enters the email id of the user to be invited; an API call is made to check whether that user exists in Vahana.
- If the user exists in the system, the Admin assigns a role to the user. If the Admin assigns the role of Admin, nothing else needs to be selected: the Admin can invite the user, who gets permission to access all apps related to the organisation.
- When the Admin assigns the role of Developer, the Admin must select the applications to which the user is given access.
- Once an application is selected, the Admin selects the app-level resources for which the user is given permission.
- The Admin can also grant permission-based access to environment-level resources.
Note: By default, all resource options for the sandbox environment are selected, since in most cases all users with the Developer role can access the Sand_Box environment. To remove access to Sand_Box, the Admin can uncheck that resource.
- If the entered email does not exist, an error message is shown that the user is not registered.
- To edit a user's access, click on the Edit User option; all permissions given to the user are shown on the next page, from where the Admin can update the user's access.
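The roles, resource types and add-user flow described above, as an added example that is not part of the original page and not Vahana's own code: a small Python model of the rules, in which an Admin bypasses per-resource checks, a Developer needs explicit app-level and environment-level grants, Sand_Box resources are pre-selected when an application is chosen, and an invite is refused in a Personal organisation or for an unregistered email. All class and function names, the resource names in the sample resource master, the app ids, environment names and email addresses are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum

class Role(Enum):
    ADMIN = "admin"
    DEVELOPER = "developer"

# Constructed sample of the "resource master" (assumed names); app-level
# resources ignore the environment, environment-level ones depend on it.
APP_LEVEL_RESOURCES = {"vDesigner", "vFlow", "vConnect", "create_environment"}
ENV_LEVEL_RESOURCES = {"edit_environment_variable", "delete_service"}
SANDBOX_ENV = "Sand_Box"  # pre-selected for every developer, as the page states

@dataclass
class AppGrant:  # a developer's permissions on one application
    app_level: set = field(default_factory=set)
    env_level: dict = field(default_factory=dict)  # environment -> resources

@dataclass
class Member:
    email: str
    role: Role
    grants: dict = field(default_factory=dict)  # app id -> AppGrant

class Organisation:
    def __init__(self, org_id, org_type, apps, registered_users):
        self.org_id = org_id
        self.org_type = org_type                  # "Personal" or "Entity"
        self.apps = dict(apps)                    # app id -> set of environments
        self.registered_users = set(registered_users)

    def invite(self, email, role, app_ids=()):
        if self.org_type != "Entity":             # IAM is unavailable in a Personal org
            raise PermissionError("IAM is not accessible in a Personal organisation")
        if email not in self.registered_users:    # the "does the user exist" check
            raise LookupError("user is not registered")
        member = Member(email, role)
        if role is Role.DEVELOPER:                # admins need no per-resource grants
            for app_id in app_ids:
                self.select_app(member, app_id)
        return member

    def select_app(self, member, app_id):
        # Only apps mapped to this org can be selected; selecting one pre-ticks
        # every environment-level resource for the sandbox environment.
        if app_id not in self.apps:
            raise KeyError(f"{app_id} is not mapped to org {self.org_id}")
        grant = AppGrant()
        if SANDBOX_ENV in self.apps[app_id]:
            grant.env_level[SANDBOX_ENV] = set(ENV_LEVEL_RESOURCES)
        member.grants[app_id] = grant

    def grant_app_resource(self, member, app_id, resource):
        if resource not in APP_LEVEL_RESOURCES:
            raise ValueError(f"{resource} is not an app-level resource")
        member.grants[app_id].app_level.add(resource)

    def grant_env_resource(self, member, app_id, env, resource):
        if resource not in ENV_LEVEL_RESOURCES or env not in self.apps[app_id]:
            raise ValueError(f"{resource}@{env} is not a valid environment-level grant")
        member.grants[app_id].env_level.setdefault(env, set()).add(resource)

    def revoke_env_resource(self, member, app_id, env, resource):
        # The admin "unchecking" a resource, e.g. a default sandbox permission.
        member.grants[app_id].env_level.get(env, set()).discard(resource)

    def is_allowed(self, member, app_id, resource, env=None):
        """Deny by default; an Admin bypasses the per-resource checks."""
        if app_id not in self.apps:
            return False
        if member.role is Role.ADMIN:
            return True
        grant = member.grants.get(app_id)
        if grant is None:
            return False
        if resource in APP_LEVEL_RESOURCES:
            return resource in grant.app_level
        if resource in ENV_LEVEL_RESOURCES:
            return env is not None and resource in grant.env_level.get(env, set())
        return False  # not in the resource master

def demo():
    """Run the add-user flow from this page on constructed data."""
    org = Organisation("org-42", "Entity", {"app-1": {SANDBOX_ENV, "UAT", "Prod"}},
                       {"admin@example.com", "dev@example.com"})
    admin = org.invite("admin@example.com", Role.ADMIN)
    dev = org.invite("dev@example.com", Role.DEVELOPER, app_ids=["app-1"])
    org.grant_app_resource(dev, "app-1", "vFlow")
    org.revoke_env_resource(dev, "app-1", SANDBOX_ENV, "delete_service")
    return {
        "admin_prod_delete": org.is_allowed(admin, "app-1", "delete_service", "Prod"),
        "dev_vflow": org.is_allowed(dev, "app-1", "vFlow"),
        "dev_vdesigner": org.is_allowed(dev, "app-1", "vDesigner"),
        "dev_sandbox_edit": org.is_allowed(dev, "app-1", "edit_environment_variable", SANDBOX_ENV),
        "dev_sandbox_delete": org.is_allowed(dev, "app-1", "delete_service", SANDBOX_ENV),
        "dev_prod_edit": org.is_allowed(dev, "app-1", "edit_environment_variable", "Prod"),
    }

if __name__ == "__main__":
    print(demo())
```

Running the block prints the access decisions for the constructed organisation. The property worth checking in any real implementation is the deny-by-default path of `is_allowed`: an unknown resource, an application the developer was never given, or an environment without an explicit grant all evaluate to `False`, while the Admin role short-circuits to `True` only after the application is confirmed to belong to the organisation.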