Alpha Cloud - Alpha Anywhere Developer's Guide

Delegating Access to Your Cloud Resources



Understanding Authorized Users
Authorizing Users
Viewing Effective Permissions

Understanding Authorized Users


In order to access and manage Alpha Cloud resources, you must either be the owner or a primary contact for a subscription or have authorization delegated to you by a user who has the authority to do so. When a new cloud subscription is purchased, the e-mail of the purchaser is assigned as the owner and primary contact. You can designate another user to be the primary contact for a subscription if you wish. The owner can assign primary contacts and delegate permission to manage specific Alpha Cloud resources as an Authorized User.

Authorization propagates from the subscription to accounts and web sites and from accounts to applications and deployments. This means that you do not have to explicitly authorize a user for each Alpha Cloud resource they manage. You can also limit a user's authorization to specific resources, such as an application, while restricting account and web site management access. These "effective" permissions can be viewed using the dialog to manage authorizations for each resource.

Because users permitted to deploy an application need read access to web sites and other resources, they may be able to view these objects. They will not, however, be permitted to make changes to them without the proper authorization.

You can explicitly delegate permission to manage the following cloud resources:

  • Subscriptions
  • Accounts
  • Web Sites
  • Applications
  • Deployments
  • Security Applications

Notes:

  1. If you are the only user accessing your cloud resources (web sites, applications and so on), you are ready to work.
  2. If you have not purchased a subscription or need to publish or manage resources for a subscription that someone else has purchased, they can authorize you to manage specific resources.
  3. You can also be assigned as the primary contact for one or more resources by the owner or primary contact of the subscription or any parent resource.
  4. Only the owner of a subscription can change the primary contact of the subscription.
  5. Managing web site certificates and server groups is part of the subscription permission. Access to the subscription should be limited to a few trusted users.


Authorizing Users


For each Alpha Cloud resource that supports authorized users, there will be a button on the bottom of the dialog from which you manage those resources. The button will be entitled "Manage Authorized Maintainers".

Note: Before explicitly authorizing a user, you may want to check to see if they are already allowed to maintain the resource because they are either a primary contact or have been authorized at the subscription or account level. Having too many individual resources authorized for a user can make it complicated to revoke authorization cleanly.

To add or remove authorized users from an Alpha Cloud resource:

  1. Open the dialog to manage the cloud resource (web site, subscription, account, application) you want to authorize.

  2. Click on the button entitled "Manage Authorized Maintainers" at the bottom of the dialog.

    The dialog below will be displayed.

    Note: In this case we are looking at the Development account in the Alpha Software subscription. The dialog will look a little different depending on which type of resource you are working with.

  3. To authorize a new user, click on the row at the bottom with an asterisk to its left.
  4. Type in the e-mail address of the Alpha Cloud registered user you want to authorize. If this is someone who has access to other Alpha Cloud resources within the subscription already, you may be able to select the address from the drop down list to the right.
  5. To remove authorization, check the box entitled "Delete" to the right of the e-mail address of the user you want to revoke authorization from.
  6. Click the button entitled "Apply Changes" to update Alpha Cloud.
  7. To undo changes since the last time you clicked "Apply Changes", click "Discard Changes".



Viewing Effective Permissions


For each Alpha Cloud resource that supports authorized users, there will be a button on the bottom of the dialog from which you manage those resources. The button will be entitled "Manage Authorized Maintainers".

To view a complete list of users authorized to maintain the selected resource:

  1. Open the dialog to manage the cloud resource (web site, subscription, account, application) whose authorized users you want to view.

  2. Click on the button entitled "Manage Authorized Maintainers" at the bottom of the dialog.

    The dialog below will be displayed.

    Note: In this case we are looking at the Development account in the Alpha Software subscription. The dialog will look a little different depending on which type of resource you are working with.

  3. Click on the tab entitled "Effective Authorization".
  4. The list shown has the subscription owner, each primary contact for resources that propagate to the current one, and each explicitly authorized user at each level. The role field shows the resource and type of authorization for each user that effectively granted them permission to maintain the current resource.
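
The propagation rules and the "Effective Authorization" list described above, modelled in Python as an added example (this is not Alpha Cloud code or its API). The `Resource` class, the function names, the Orders application, the www web site and the e-mail addresses are constructed for illustration, and the model assumes a resource's own primary contacts count toward its effective list.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Resource:
    name: str
    kind: str                                  # subscription, account, web site, application, deployment
    parent: Optional["Resource"] = None        # level whose authorization propagates down to this one
    owner: Optional[str] = None                # set on the subscription only
    primary_contacts: set = field(default_factory=set)
    authorized: set = field(default_factory=set)   # explicit "Authorized Maintainers"

def chain(resource):
    """Yield the resource, then each ancestor up to the subscription."""
    while resource is not None:
        yield resource
        resource = resource.parent

def effective_authorization(resource):
    """(user, role) rows, subscription first; role names the level that granted access."""
    rows = []
    for r in reversed(list(chain(resource))):
        label = f"{r.kind} {r.name}"
        if r.owner:
            rows.append((r.owner, f"{label}: owner"))
        rows += [(u, f"{label}: primary contact") for u in sorted(r.primary_contacts)]
        rows += [(u, f"{label}: authorized user") for u in sorted(r.authorized)]
    return rows

def can_maintain(user, resource):
    return any(u == user for u, _ in effective_authorization(resource))

def redundant_grants(resource):
    """Explicit grants on this resource for users a parent level already covers."""
    if resource.parent is None:
        return []
    inherited = {u for u, _ in effective_authorization(resource.parent)}
    return sorted(resource.authorized & inherited)

# Constructed sample hierarchy (only the subscription and account names come from the page).
sub = Resource("Alpha Software", "subscription", owner="owner@example.com",
               primary_contacts={"owner@example.com"})
dev = Resource("Development", "account", parent=sub, authorized={"dana@example.com"})
app = Resource("Orders", "application", parent=dev,
               authorized={"dana@example.com", "lee@example.com"})
site = Resource("www", "web site", parent=sub)

if __name__ == "__main__":
    for user, role in effective_authorization(app):
        print(f"{user:20} {role}")
    print("redundant explicit grants on Orders:", redundant_grants(app))
```

In this model, deleting dana@example.com from the Development account alone leaves the explicit grant on the Orders application in place, which is the revocation problem the note under "Authorizing Users" describes.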